[ xman25 @ 11.11.2009. 17:18 ] @
Nedavno mi je pocela da iskace ova poruka pri pokretanju Mozille ali kada sam isao na OK Mozilla se normalno otvori. Od danas nakon pojavljivanja ove poruke Mozilla nece da se otvori vec izbaci ovu poruku:

Probao sam sa brisanjem Mozille i ponovnom instalacijom i nista i sa system restore na prethodni dan ali takodje ostaje nepromenjeno. Znaci sada ne mogu vise uopste da pokrenem Mozillu, uvek mi izbacuje one dve poruke. Uradio sam log preko ComboFix-a:
Citat:
ComboFix 09-11-11.01 - Administrator 11.11.2009 17:48.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1411 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SeARchsettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\1.bat
c:\program files\Fast Browser Search\about.html
c:\program files\Fast Browser Search\affid.dat
c:\program files\Fast Browser Search\basis.xml
c:\program files\Fast Browser Search\basis_br.xml
c:\program files\Fast Browser Search\basis_de.xml
c:\program files\Fast Browser Search\basis_en.xml
c:\program files\Fast Browser Search\basis_es.xml
c:\program files\Fast Browser Search\basis_fr.xml
c:\program files\Fast Browser Search\basis_it.xml
c:\program files\Fast Browser Search\basis_nr.xml
c:\program files\Fast Browser Search\basis_pt.xml
c:\program files\Fast Browser Search\basis_ru.xml
c:\program files\Fast Browser Search\basis_tr.xml
c:\program files\Fast Browser Search\BHO.dll
c:\program files\Fast Browser Search\ClearRecycleBin.exe
c:\program files\Fast Browser Search\error.html
c:\program files\Fast Browser Search\FBSPlugin.dll
c:\program files\Fast Browser Search\fbsProtection.xml
c:\program files\Fast Browser Search\FbsSearchProvider.xml
c:\program files\Fast Browser Search\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\Fast Browser Search\search_br.bmp
c:\program files\Fast Browser Search\SGPUpdaterS.exe
c:\program files\Fast Browser Search\tbhelper.dll
c:\program files\Fast Browser Search\tbs_include_script_003175.js
c:\program files\Fast Browser Search\tbs_include_script_005064.js
c:\program files\Fast Browser Search\tbs_include_script_012817.js
c:\program files\Fast Browser Search\Toolbar Help.htm
c:\program files\Fast Browser Search\uninstall.exe
c:\program files\Fast Browser Search\uninstalSGP.exe
c:\program files\Fast Browser Search\uninstalSGPU.exe
c:\program files\Fast Browser Search\update.exe
c:\program files\Fast Browser Search\version.txt
c:\program files\SGPSA
c:\users\Administrator\My Documents\cc_20091103_005612.reg
c:\windows\system32\d3d10core.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\version.txt

c:\windows\system32\LogonUI.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-11 15:37 . 2009-11-11 15:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-10 19:45 . 2009-11-10 19:45 -------- d-----w- c:\program files\eGames
2009-11-08 18:04 . 2009-11-08 18:04 10880192 ----a-w- c:\users\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
2009-11-07 23:42 . 2009-11-07 23:42 -------- d-----w- c:\program files\BS player
2009-11-07 23:00 . 2009-11-07 23:02 -------- d-----w- c:\program files\Your Uninstaller
2009-11-07 22:54 . 2009-11-07 22:58 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-11-07 20:31 . 2009-11-07 20:33 6147544 ----a-w- c:\users\Administrator\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-11-07 20:31 . 2007-03-22 10:46 126976 ----a-w- c:\users\Administrator\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-11-05 00:04 . 2009-11-05 00:04 152576 ----a-w- c:\users\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 16:00 . 2009-11-04 18:26 -------- d-----w- c:\users\All Users\Application Data\FarmFrenzy3
2009-11-04 15:59 . 2009-11-04 15:59 -------- d-----w- c:\program files\LeeGTs Games
2009-11-03 16:51 . 2009-11-03 16:51 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-03 16:51 . 2009-11-03 16:51 93360 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-03 16:51 . 2009-11-03 16:51 554280 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-03 16:51 . 2009-11-03 16:51 212480 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-03 16:51 . 2009-11-03 16:51 283944 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-03 16:51 . 2009-11-03 16:51 1223976 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-03 16:51 . 2009-11-03 16:51 242984 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 02:03 . 2009-10-29 02:03 -------- d-----w- c:\users\Default User\Local Settings\Application Data\Microsoft Help
2009-10-26 14:52 . 2009-10-26 14:52 -------- d-----w- c:\users\All Users\Application Data\2BrightSparks
2009-10-26 14:52 . 2009-10-26 14:52 -------- d-----w- c:\program files\2BrightSparks
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\users\All Users\Application Data\Freedom Scientific
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\program files\ssce
2009-10-19 18:32 . 2009-10-19 18:32 -------- d-----w- c:\windows\system32\HJSMEM
2009-10-19 18:31 . 2009-10-19 18:33 -------- d-----w- c:\program files\Freedom Scientific
2009-10-18 18:39 . 2009-10-18 18:39 7168 ----a-w- c:\users\Administrator\Application Data\Thinstall\TextAloud\4000008500003i\PDFToText.exe
2009-10-18 18:39 . 2009-10-18 18:39 7168 ----a-w- c:\users\Administrator\Application Data\Thinstall\TextAloud\400000600002i\AcroRd32Info.exe
2009-10-18 18:39 . 2009-10-18 18:39 7168 ----a-w- c:\users\Administrator\Application Data\Thinstall\TextAloud\1000000b00002i\verclsid.exe
2009-10-18 18:25 . 2003-12-18 16:53 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-10-18 18:25 . 2003-12-18 16:53 383 ----a-w- c:\windows\system32\haspdos.sys
2009-10-18 18:25 . 2003-12-18 16:53 304640 ----a-w- c:\windows\system32\hlvdd.dll
2009-10-18 18:25 . 2004-01-31 18:14 420000 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-10-18 18:25 . 2003-12-18 16:53 47616 ----a-w- c:\windows\system32\drivers\haspnt.sys
2009-10-18 18:22 . 2009-10-18 18:22 -------- d-----w- C:\HaspEmulPE.XP
2009-10-18 18:10 . 2009-10-18 18:10 -------- d-----w- c:\users\Administrator\Application Data\Freedom Scientific
2009-10-18 18:07 . 2009-10-18 18:08 -------- d-----w- c:\program files\anReader
2009-10-18 16:54 . 2009-10-19 18:32 -------- d--h--w- c:\program files\Freedom Scientific Installation Information
2009-10-18 15:57 . 2009-10-18 15:57 -------- d-----w- c:\program files\Rainbow Technologies
2009-10-18 15:57 . 2008-10-07 13:33 6058112 ----a-w- c:\windows\system32\dcmc0d0.dll
2009-10-17 19:31 . 2009-07-23 09:56 714752 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-10-17 19:30 . 2009-07-13 11:19 256792 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-10-17 19:29 . 2009-10-17 19:31 -------- d-----w- c:\windows\system32\Filt
2009-10-17 19:29 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-10-17 19:28 . 2009-10-17 19:28 -------- d-----w- c:\program files\Agnitum
2009-10-17 19:28 . 2009-10-17 19:28 -------- d-----w- c:\users\All Users\Application Data\Agnitum
2009-10-17 17:52 . 2009-10-17 17:52 -------- d-sh--w- c:\users\LocalService\IETldCache
2009-10-17 15:50 . 2009-11-03 16:51 537576 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-17 15:46 . 2009-10-17 15:46 -------- dc-h--w- c:\users\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 15:46 . 2009-10-03 08:15 2924848 -c--a-w- c:\users\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-14 09:40 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-14 09:37 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-14 09:35 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-10-13 22:35 . 2009-10-13 22:35 -------- d-----w- c:\program files\Search Guard PlusU
2009-10-13 22:35 . 2009-10-13 22:35 -------- d-----w- c:\program files\Search Guard Plus
2009-10-12 20:47 . 2008-03-05 14:03 329224 ----a-w- c:\windows\system32\DXErr.exe
2009-10-12 20:47 . 2008-03-09 05:25 236 ----a-w- c:\program files\Common Files\dx.reg
2009-10-12 20:47 . 2008-03-05 14:03 209416 ----a-w- c:\windows\system32\dxcpl.exe
2009-10-12 20:47 . 2006-11-02 10:46 167936 ----a-w- c:\windows\system32\dxgi.dll
2009-10-12 20:47 . 2006-11-02 10:46 39936 ----a-w- c:\windows\system32\dwmapi.dll
2009-10-12 20:47 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2009-10-12 20:47 . 2006-11-02 10:47 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
2009-10-12 20:47 . 2008-04-12 16:13 1029126 ----a-w- c:\windows\system32\d3d10.dll
2009-10-12 20:47 . 2009-10-12 20:45 716153 ----a-w- c:\windows\system32\unins000.exe
2009-10-12 20:46 . 2009-10-12 20:47 2733 ----a-w- c:\windows\system32\unins000.dat
2009-10-12 17:17 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-12 17:17 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-12 17:17 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-12 17:17 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-12 17:16 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-12 17:16 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-12 17:16 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-12 17:16 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-12 17:16 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-12 17:16 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-12 17:16 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-12 17:16 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-12 17:16 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-12 17:14 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 16:58 . 2009-08-17 12:10 -------- d-----w- c:\users\All Users\Application Data\Babylon
2009-11-11 16:32 . 2009-08-11 16:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-11 16:29 . 2009-08-01 14:11 -------- d-----w- c:\users\All Users\Application Data\Spyware Terminator
2009-11-11 16:29 . 2009-08-01 14:11 -------- d-----w- c:\program files\Spyware Terminator
2009-11-11 16:00 . 2009-08-01 14:11 -------- d-----w- c:\users\Administrator\Application Data\Spyware Terminator
2009-11-11 08:39 . 2009-08-01 15:34 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2009-11-11 08:21 . 2009-08-01 13:34 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2009-11-10 19:55 . 2009-08-01 21:33 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-11-10 18:38 . 2009-08-06 23:24 -------- d-----w- c:\users\Administrator\Application Data\Thinstall
2009-11-10 18:03 . 2009-08-01 21:35 -------- d-----w- c:\users\Administrator\Application Data\skypePM
2009-11-08 18:02 . 2009-08-16 02:03 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-08 17:51 . 2009-07-31 18:02 -------- d-----w- c:\users\Administrator\Application Data\BSplayer PRO
2009-11-07 23:00 . 2009-08-01 15:34 -------- d-----w- c:\users\Administrator\Application Data\URSoft
2009-11-07 19:49 . 2009-08-01 19:16 -------- d-----w- c:\program files\Paint.NET
2009-11-05 00:05 . 2009-08-01 11:41 -------- d-----w- c:\program files\Java
2009-11-04 15:10 . 2009-08-30 21:27 -------- d-----w- c:\program files\Farm Frenzy Pizza Party
2009-11-03 16:51 . 2009-10-02 15:30 862040 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-03 16:51 . 2009-10-02 15:30 15880 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-03 16:51 . 2009-10-02 15:30 206944 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-03 16:51 . 2009-10-02 15:30 390288 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-03 16:51 . 2009-10-02 15:30 370744 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-03 16:51 . 2009-10-02 15:30 163728 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-03 16:51 . 2009-10-02 15:30 194104 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-03 16:51 . 2009-10-02 15:30 5908024 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-03 16:51 . 2009-10-02 15:30 87496 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-03 16:51 . 2009-10-02 15:30 327000 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-03 16:51 . 2009-10-02 15:30 933120 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-03 16:51 . 2009-10-02 15:30 640608 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-03 16:50 . 2009-10-02 15:30 815760 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-03 16:50 . 2009-10-02 15:29 822904 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-03 16:50 . 2009-10-02 15:29 1638104 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-03 16:50 . 2009-10-02 15:29 788368 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-03 16:50 . 2009-10-02 15:29 1179232 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-29 01:32 . 2009-08-01 11:28 -------- d-----w- c:\program files\Opera
2009-10-22 12:07 . 2009-08-17 12:10 -------- d-----w- c:\users\Administrator\Application Data\Babylon
2009-10-19 18:36 . 2006-11-20 12:27 2000000 ----atw- c:\windows\system32\HJSMEM.DAT
2009-10-19 18:28 . 2009-08-17 11:40 -------- d-----w- c:\users\All Users\Application Data\RFA_Backups
2009-10-18 18:54 . 2009-08-01 11:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-17 18:24 . 2009-07-31 18:02 -------- d-----w- c:\users\Administrator\Application Data\Comodo
2009-10-17 18:24 . 2009-07-31 18:01 -------- d-----w- c:\program files\COMODO
2009-10-17 15:43 . 2009-08-01 14:49 -------- d-----w- c:\users\Administrator\Application Data\LimeWire
2009-10-11 03:17 . 2009-07-31 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 00:18 . 2009-10-05 00:18 -------- d-----w- c:\program files\inSoft
2009-10-03 04:44 . 2009-08-01 14:36 -------- d-----w- c:\program files\Unlocker
2009-10-02 16:04 . 2009-08-04 23:13 -------- d-----w- c:\program files\RegistryFix7
2009-10-02 15:30 . 2009-08-04 14:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-02 15:30 . 2009-10-02 15:30 17632 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 15:30 . 2009-10-02 15:30 68640 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 15:30 . 2009-10-02 15:30 525792 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 15:30 . 2009-10-02 15:30 303976 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 15:29 . 2009-10-02 15:29 640760 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-01 16:56 . 2009-10-01 16:56 -------- d-----w- c:\program files\Microsoft
2009-09-28 14:43 . 2009-09-03 18:24 177024 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\zdwvxrnz.default\FlashGot.exe
2009-09-27 11:48 . 2009-09-06 12:57 -------- d-----w- c:\users\Administrator\Application Data\mp3rocket
2009-09-23 12:55 . 2009-08-01 15:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-19 09:44 . 2009-09-19 09:44 -------- d-----w- c:\users\Administrator\Application Data\Search Settings
2009-09-19 09:44 . 2009-09-19 09:44 -------- d-----w- c:\users\Administrator\Application Data\Dealio
2009-09-18 23:36 . 2009-09-18 23:26 -------- d-----w- c:\users\Administrator\Application Data\WeatherWatcherLive
2009-09-18 22:30 . 2009-09-18 22:30 -------- d-----w- c:\program files\Eggiz
2009-09-18 22:29 . 2009-08-01 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 22:27 . 2009-08-01 18:15 -------- d-----w- c:\program files\MyFreeWeather
2009-09-18 22:16 . 2009-08-04 20:47 4045528 ----a-w- c:\users\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-18 11:15 . 2009-08-04 23:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 01:02 . 2009-09-16 22:29 -------- d-----w- c:\program files\Cosmopolitan
2009-09-18 01:02 . 2009-08-29 11:10 -------- d-----w- c:\program files\Amazing Adventures The Lost Tomb
2009-09-15 10:57 . 2009-09-09 16:47 -------- d-----w- c:\program files\UlisesSoft
2009-09-15 00:05 . 2009-09-15 00:02 -------- d-----w- c:\program files\Digital Photo Software
2009-09-15 00:03 . 2009-09-15 00:03 8854 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\NewShortcut3_43405B1A6E07446F91523AC32617A818.exe
2009-09-15 00:03 . 2009-09-15 00:03 61440 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\NewShortcut2_25626A0D9AF7477DBD62B0C62B366983_1.exe
2009-09-15 00:03 . 2009-09-15 00:03 61440 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\NewShortcut1_25626A0D9AF7477DBD62B0C62B366983_1.exe
2009-09-15 00:03 . 2009-09-15 00:03 21630 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\ARPPRODUCTICON.exe
2009-09-11 14:13 . 2009-03-08 09:01 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 07:08 . 2009-08-01 03:21 73264 ----a-w- c:\users\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 12:54 . 2009-08-01 14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-01 14:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 10:53 . 2009-09-06 10:53 7680 ----a-w- c:\users\Administrator\Application Data\Thinstall\AMS Photo Effects 1.87\4000008000002i\Splash Screen.exe
2009-09-04 21:03 . 2008-04-14 03:42 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2009-03-08 09:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2009-03-08 09:12 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 14:53 . 2009-08-23 14:53 148736 ----a-w- c:\users\All Users\Application Data\hpe1E9A.dll
2009-08-23 14:53 . 2009-08-23 14:53 148736 ----a-w- c:\users\All Users\Application Data\hpe1E9A.dll
2009-08-21 22:16 . 2009-08-21 22:15 88 --sh--r- c:\users\All Users\Application Data\24993C8340.sys
2009-08-21 22:16 . 2009-08-21 22:15 88 --sh--r- c:\users\All Users\Application Data\24993C8340.sys
2009-08-21 22:16 . 2009-08-21 22:14 2516 --sha-w- c:\users\All Users\Application Data\KGyGaAvL.sys
2009-08-21 22:16 . 2009-08-21 22:14 2516 --sha-w- c:\users\All Users\Application Data\KGyGaAvL.sys
2009-08-20 19:15 . 2009-08-20 19:15 90112 ----a-w- c:\windows\Cuninst.exe
2009-08-15 20:36 . 2009-08-15 20:36 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-15 20:36 . 2009-08-15 20:36 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
.

------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\ppapps\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\users\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-08-01 2171904]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-05-26 4355512]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-05-26 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-05-26 377248]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 57344]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-08-17 3959696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-07-24 1259336]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-07-24 436552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\users\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.8.2009 16:05 64288]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [1.8.2009 16:14 902592]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [17.10.2009 20:31 714752]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [1.8.2009 15:11 142592]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [17.10.2009 20:29 1312584]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [17.10.2009 20:29 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [17.10.2009 20:30 256792]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.8.2009 15:58 27632]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [24.8.2009 16:53 391688]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [23.8.2009 15:52 90112]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15.8.2009 21:36 604416]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [17.10.2009 20:31 33920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23.8.2009 15:56 89256]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-11-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:50]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-682003330-500Core.job
- c:\users\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-01 11:12]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-682003330-500UA.job
- c:\users\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-01 11:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tattoodle.com?tid=0
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: Translate with Babylon
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\zdwvxrnz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={3392775D-2211-BE29-CDAA-662D033FFC9D}
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={3392775D-2211-BE29-CDAA-662D033FFC9D}&q=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-602162358-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1656)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1736)
c:\windows\system32\wdigest.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\MSVCP60.dll
c:\windows\System32\wiadefui.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2009-11-11 18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 17:05

Pre-Run: 7.418.703.872 bytes free
Post-Run: 7.526.789.120 bytes free

- - End Of File - - D808589F4A46F6AB8ED13B45495DCFCC


Molim nekoga za pomoc!


[Ovu poruku je menjao xman25 dana 11.11.2009. u 18:31 GMT+1]
[ magna86 @ 11.11.2009. 23:14 ] @
Otvori Notepad i kopiraj tekst koji se nalazi ispod:

Citat:
Firefox::
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\zdwvxrnz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={3392775D-2211-BE29-CDAA-662D033FFC9D}&q=

FileLook::
c:\windows\system32\HJSMEM


Klikni na File\Save as i sacuvaj tekst kao CFScript na desktop



Prati uputstvo sa slike i prevuci CFScript.txt preko ikonice ComboFix.exe
To ce startovati ComboFix.Ako ti bude trazio da skines novu verziju,dozvoli mu (Yes)
Kada zavrsi,pojavice se log (C:\ComboFix.txt) koji ces kopirati ovde.


I stvarno nije bilo razloga da pokreces Combofix pogotovo sto on i nije preporucljiv da se pokrece bez nadzora
jer ponekad zna da obrise neke legitimne fajlove kao sto je to uradio sa jednim fajlom i kod tebe.
srecom...taj file nije mnogo bitan za system...

inace... imas puno nepotrebnih stvari i keygena...
natrpan sturtup, i sve te igrice...itd...
to bi mogao da sredis,pobrises nepotrebno i da reinstaliras mozillu

PS: taj error ( Crash Repoarter) je dosao sa najnovijom verzijom,i meni se par puta desilo...
mislim da su sad sa najnovijim update-om to popravili ali nemoj mi verovati na rec...i problem koji imas nema veze sa malware-om.
[ xman25 @ 12.11.2009. 16:45 ] @
Evo sta se sada desava. Odradim kao sto si napisao ali odmah na pocetku pri pokretanju Combofix-a izadje ova poruka:


Zatvorim to, Combo odradi one korake i kada treba da izbaci log na tome ostane, tu zakuca.
Probao sam vec vise puta sa brisanjem i instaliranjem Mozille. Da li ne moze da se pokrene zbog onog fajla koji nedostaje?

Ne znam da li si me dobro razumeo. Mozilla mi se uopste vise ne otvara. Izbaci one dve poruke iz gornje posta - prvo jednu pa drugu i to je to.
[ magna86 @ 12.11.2009. 17:03 ] @
Obrisi samo Combofix ikonicu sa Dekstop-a



klasicno...desni klik/delete

Ponovo iskljuci AntiVirus pa onda skini novi Combofix i ponovi postupak sa CFScrip-om
ps: sacekaj program da sam izbaci log,po nekad mu je potrebno vise vremena
[ xman25 @ 12.11.2009. 17:58 ] @
Evo log-a:

Citat:
ComboFix 09-11-11.02 - Administrator 12.11.2009 18:47.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1490 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

c:\windows\system32\LogonUI.exe . . . is infected!!

-- Previous Run --

c:\windows\system32\LogonUI.exe . . . is infected!!

--------

c:\windows\system32\LogonUI.exe . . . is infected!!

-- Previous Run --

c:\windows\system32\LogonUI.exe . . . is infected!!

-- Previous Run --

c:\windows\system32\LogonUI.exe . . . is infected!!

--------

c:\windows\system32\LogonUI.exe . . . is infected!!

--------

c:\windows\system32\LogonUI.exe . . . is infected!!

--------

c:\windows\system32\LogonUI.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-11 15:37 . 2009-11-11 15:37 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-10 19:45 . 2009-11-10 19:45 -------- d-----w- c:\program files\eGames
2009-11-08 18:04 . 2009-11-08 18:04 10880192 ----a-w- c:\users\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
2009-11-07 23:42 . 2009-11-07 23:42 -------- d-----w- c:\program files\BS player
2009-11-07 23:00 . 2009-11-07 23:02 -------- d-----w- c:\program files\Your Uninstaller
2009-11-07 22:54 . 2009-11-07 22:58 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-11-07 20:31 . 2009-11-07 20:33 6147544 ----a-w- c:\users\Administrator\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-11-07 20:31 . 2007-03-22 10:46 126976 ----a-w- c:\users\Administrator\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-11-05 00:04 . 2009-11-05 00:04 152576 ----a-w- c:\users\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 16:00 . 2009-11-04 18:26 -------- d-----w- c:\users\All Users\Application Data\FarmFrenzy3
2009-11-04 15:59 . 2009-11-04 15:59 -------- d-----w- c:\program files\LeeGTs Games
2009-11-03 16:51 . 2009-11-03 16:51 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-03 16:51 . 2009-11-03 16:51 93360 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-03 16:51 . 2009-11-03 16:51 554280 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-03 16:51 . 2009-11-03 16:51 212480 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-03 16:51 . 2009-11-03 16:51 283944 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-03 16:51 . 2009-11-03 16:51 1223976 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-03 16:51 . 2009-11-03 16:51 242984 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 02:03 . 2009-10-29 02:03 -------- d-----w- c:\users\Default User\Local Settings\Application Data\Microsoft Help
2009-10-26 14:52 . 2009-10-26 14:52 -------- d-----w- c:\users\All Users\Application Data\2BrightSparks
2009-10-26 14:52 . 2009-10-26 14:52 -------- d-----w- c:\program files\2BrightSparks
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\users\All Users\Application Data\Freedom Scientific
2009-10-19 18:33 . 2009-10-19 18:33 -------- d-----w- c:\program files\ssce
2009-10-19 18:32 . 2009-10-19 18:32 -------- d-----w- c:\windows\system32\HJSMEM
2009-10-19 18:31 . 2009-10-19 18:33 -------- d-----w- c:\program files\Freedom Scientific
2009-10-18 18:39 . 2009-10-18 18:39 7168 ----a-w- c:\users\Administrator\Application Data\Thinstall\TextAloud\4000008500003i\PDFToText.exe
2009-10-18 18:39 . 2009-10-18 18:39 7168 ----a-w- c:\users\Administrator\Application Data\Thinstall\TextAloud\400000600002i\AcroRd32Info.exe
2009-10-18 18:39 . 2009-10-18 18:39 7168 ----a-w- c:\users\Administrator\Application Data\Thinstall\TextAloud\1000000b00002i\verclsid.exe
2009-10-18 18:25 . 2003-12-18 16:53 6656 ----a-w- c:\windows\system32\haspvdd.dll
2009-10-18 18:25 . 2003-12-18 16:53 383 ----a-w- c:\windows\system32\haspdos.sys
2009-10-18 18:25 . 2003-12-18 16:53 304640 ----a-w- c:\windows\system32\hlvdd.dll
2009-10-18 18:25 . 2004-01-31 18:14 420000 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-10-18 18:25 . 2003-12-18 16:53 47616 ----a-w- c:\windows\system32\drivers\haspnt.sys
2009-10-18 18:22 . 2009-10-18 18:22 -------- d-----w- C:\HaspEmulPE.XP
2009-10-18 18:10 . 2009-10-18 18:10 -------- d-----w- c:\users\Administrator\Application Data\Freedom Scientific
2009-10-18 18:07 . 2009-10-18 18:08 -------- d-----w- c:\program files\anReader
2009-10-18 16:54 . 2009-10-19 18:32 -------- d--h--w- c:\program files\Freedom Scientific Installation Information
2009-10-18 15:57 . 2009-10-18 15:57 -------- d-----w- c:\program files\Rainbow Technologies
2009-10-18 15:57 . 2008-10-07 13:33 6058112 ----a-w- c:\windows\system32\dcmc0d0.dll
2009-10-17 19:31 . 2009-07-23 09:56 714752 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-10-17 19:30 . 2009-07-13 11:19 256792 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-10-17 19:29 . 2009-10-17 19:31 -------- d-----w- c:\windows\system32\Filt
2009-10-17 19:29 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-10-17 19:28 . 2009-10-17 19:28 -------- d-----w- c:\program files\Agnitum
2009-10-17 19:28 . 2009-10-17 19:28 -------- d-----w- c:\users\All Users\Application Data\Agnitum
2009-10-17 17:52 . 2009-10-17 17:52 -------- d-sh--w- c:\users\LocalService\IETldCache
2009-10-17 15:50 . 2009-11-03 16:51 537576 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-17 15:46 . 2009-10-17 15:46 -------- dc-h--w- c:\users\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 15:46 . 2009-10-03 08:15 2924848 -c--a-w- c:\users\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-14 09:40 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-10-14 09:37 . 2009-08-26 08:00 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-14 09:35 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-10-13 22:35 . 2009-10-13 22:35 -------- d-----w- c:\program files\Search Guard PlusU
2009-10-13 22:35 . 2009-10-13 22:35 -------- d-----w- c:\program files\Search Guard Plus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 17:42 . 2009-08-11 16:22 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-12 17:36 . 2009-08-17 12:10 -------- d-----w- c:\users\All Users\Application Data\Babylon
2009-11-12 16:43 . 2009-08-01 14:11 -------- d-----w- c:\users\All Users\Application Data\Spyware Terminator
2009-11-12 16:43 . 2009-08-01 14:11 -------- d-----w- c:\program files\Spyware Terminator
2009-11-12 16:37 . 2009-08-01 14:11 -------- d-----w- c:\users\Administrator\Application Data\Spyware Terminator
2009-11-11 19:09 . 2009-08-17 11:40 -------- d-----w- c:\users\All Users\Application Data\RFA_Backups
2009-11-11 18:51 . 2009-08-01 15:34 -------- d---a-w- c:\users\All Users\Application Data\TEMP
2009-11-11 18:30 . 2009-08-01 13:34 -------- d-----w- c:\users\All Users\Application Data\Microsoft Help
2009-11-10 19:55 . 2009-08-01 21:33 -------- d-----w- c:\users\Administrator\Application Data\Skype
2009-11-10 18:38 . 2009-08-06 23:24 -------- d-----w- c:\users\Administrator\Application Data\Thinstall
2009-11-10 18:03 . 2009-08-01 21:35 -------- d-----w- c:\users\Administrator\Application Data\skypePM
2009-11-08 18:02 . 2009-08-16 02:03 2285056 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-08 17:51 . 2009-07-31 18:02 -------- d-----w- c:\users\Administrator\Application Data\BSplayer PRO
2009-11-07 23:00 . 2009-08-01 15:34 -------- d-----w- c:\users\Administrator\Application Data\URSoft
2009-11-07 19:49 . 2009-08-01 19:16 -------- d-----w- c:\program files\Paint.NET
2009-11-05 00:05 . 2009-08-01 11:41 -------- d-----w- c:\program files\Java
2009-11-04 15:10 . 2009-08-30 21:27 -------- d-----w- c:\program files\Farm Frenzy Pizza Party
2009-11-03 16:51 . 2009-10-02 15:30 862040 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-11-03 16:51 . 2009-10-02 15:30 15880 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-03 16:51 . 2009-10-02 15:30 206944 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-11-03 16:51 . 2009-10-02 15:30 390288 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-11-03 16:51 . 2009-10-02 15:30 370744 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-03 16:51 . 2009-10-02 15:30 163728 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-03 16:51 . 2009-10-02 15:30 194104 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-03 16:51 . 2009-10-02 15:30 5908024 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-03 16:51 . 2009-10-02 15:30 87496 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-03 16:51 . 2009-10-02 15:30 327000 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-03 16:51 . 2009-10-02 15:30 933120 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-03 16:51 . 2009-10-02 15:30 640608 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-03 16:50 . 2009-10-02 15:30 815760 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-03 16:50 . 2009-10-02 15:29 822904 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-03 16:50 . 2009-10-02 15:29 1638104 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-03 16:50 . 2009-10-02 15:29 788368 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-03 16:50 . 2009-10-02 15:29 1179232 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-29 01:32 . 2009-08-01 11:28 -------- d-----w- c:\program files\Opera
2009-10-22 12:07 . 2009-08-17 12:10 -------- d-----w- c:\users\Administrator\Application Data\Babylon
2009-10-19 18:36 . 2006-11-20 12:27 2000000 ----atw- c:\windows\system32\HJSMEM.DAT
2009-10-18 18:54 . 2009-08-01 11:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-17 18:24 . 2009-07-31 18:02 -------- d-----w- c:\users\Administrator\Application Data\Comodo
2009-10-17 18:24 . 2009-07-31 18:01 -------- d-----w- c:\program files\COMODO
2009-10-17 15:43 . 2009-08-01 14:49 -------- d-----w- c:\users\Administrator\Application Data\LimeWire
2009-10-12 20:47 . 2009-10-12 20:46 2733 ----a-w- c:\windows\system32\unins000.dat
2009-10-12 20:45 . 2009-10-12 20:47 716153 ----a-w- c:\windows\system32\unins000.exe
2009-10-11 03:17 . 2009-07-31 17:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 00:18 . 2009-10-05 00:18 -------- d-----w- c:\program files\inSoft
2009-10-03 04:44 . 2009-08-01 14:36 -------- d-----w- c:\program files\Unlocker
2009-10-02 16:04 . 2009-08-04 23:13 -------- d-----w- c:\program files\RegistryFix7
2009-10-02 15:30 . 2009-08-04 14:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-02 15:30 . 2009-10-02 15:30 17632 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-10-02 15:30 . 2009-10-02 15:30 68640 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-10-02 15:30 . 2009-10-02 15:30 525792 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\DIFxAPI.dll
2009-10-02 15:30 . 2009-10-02 15:30 303976 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-10-02 15:29 . 2009-10-02 15:29 640760 ----a-w- c:\users\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-01 16:56 . 2009-10-01 16:56 -------- d-----w- c:\program files\Microsoft
2009-09-28 14:43 . 2009-09-03 18:24 177024 ----a-w- c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\zdwvxrnz.default\FlashGot.exe
2009-09-27 11:48 . 2009-09-06 12:57 -------- d-----w- c:\users\Administrator\Application Data\mp3rocket
2009-09-23 12:55 . 2009-08-01 15:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-19 09:44 . 2009-09-19 09:44 -------- d-----w- c:\users\Administrator\Application Data\Search Settings
2009-09-19 09:44 . 2009-09-19 09:44 -------- d-----w- c:\users\Administrator\Application Data\Dealio
2009-09-18 23:36 . 2009-09-18 23:26 -------- d-----w- c:\users\Administrator\Application Data\WeatherWatcherLive
2009-09-18 22:30 . 2009-09-18 22:30 -------- d-----w- c:\program files\Eggiz
2009-09-18 22:29 . 2009-08-01 14:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 22:27 . 2009-08-01 18:15 -------- d-----w- c:\program files\MyFreeWeather
2009-09-18 22:16 . 2009-08-04 20:47 4045528 ----a-w- c:\users\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-18 11:15 . 2009-08-04 23:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 01:02 . 2009-09-16 22:29 -------- d-----w- c:\program files\Cosmopolitan
2009-09-18 01:02 . 2009-08-29 11:10 -------- d-----w- c:\program files\Amazing Adventures The Lost Tomb
2009-09-15 10:57 . 2009-09-09 16:47 -------- d-----w- c:\program files\UlisesSoft
2009-09-15 00:05 . 2009-09-15 00:02 -------- d-----w- c:\program files\Digital Photo Software
2009-09-15 00:03 . 2009-09-15 00:03 8854 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\NewShortcut3_43405B1A6E07446F91523AC32617A818.exe
2009-09-15 00:03 . 2009-09-15 00:03 61440 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\NewShortcut2_25626A0D9AF7477DBD62B0C62B366983_1.exe
2009-09-15 00:03 . 2009-09-15 00:03 61440 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\NewShortcut1_25626A0D9AF7477DBD62B0C62B366983_1.exe
2009-09-15 00:03 . 2009-09-15 00:03 21630 ----a-r- c:\users\Administrator\Application Data\Microsoft\Installer\{25626A0D-9AF7-477D-BD62-B0C62B366983}\ARPPRODUCTICON.exe
2009-09-11 14:13 . 2009-03-08 09:01 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 07:08 . 2009-08-01 03:21 73264 ----a-w- c:\users\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 12:54 . 2009-08-01 14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-08-01 14:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 10:53 . 2009-09-06 10:53 7680 ----a-w- c:\users\Administrator\Application Data\Thinstall\AMS Photo Effects 1.87\4000008000002i\Splash Screen.exe
2009-09-04 21:03 . 2008-04-14 03:42 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-10-12 17:17 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-10-12 17:17 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-10-12 17:16 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-10-12 17:16 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-10-12 17:16 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-10-12 17:17 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-10-12 17:17 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-10-12 17:16 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 08:08 . 2009-03-08 09:12 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2009-03-08 09:12 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 14:53 . 2009-08-23 14:53 148736 ----a-w- c:\users\All Users\Application Data\hpe1E9A.dll
2009-08-23 14:53 . 2009-08-23 14:53 148736 ----a-w- c:\users\All Users\Application Data\hpe1E9A.dll
2009-08-21 22:16 . 2009-08-21 22:15 88 --sh--r- c:\users\All Users\Application Data\24993C8340.sys
2009-08-21 22:16 . 2009-08-21 22:15 88 --sh--r- c:\users\All Users\Application Data\24993C8340.sys
2009-08-21 22:16 . 2009-08-21 22:14 2516 --sha-w- c:\users\All Users\Application Data\KGyGaAvL.sys
2009-08-21 22:16 . 2009-08-21 22:14 2516 --sha-w- c:\users\All Users\Application Data\KGyGaAvL.sys
2009-08-20 19:15 . 2009-08-20 19:15 90112 ----a-w- c:\windows\Cuninst.exe
2009-08-15 20:36 . 2009-08-15 20:36 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-15 20:36 . 2009-08-15 20:36 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2008-03-09 05:25 . 2009-10-12 20:47 236 ----a-w- c:\program files\Common Files\dx.reg
.

------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\ppapps\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Google Update"="c:\users\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-01 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2009-08-01 2171904]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-05-26 4355512]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-05-26 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-05-26 377248]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 57344]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-08-17 3959696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-07-24 1259336]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-07-24 436552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-03-08 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NewUser"="c:\windows\LastXP\NewUser.cmd" [2009-02-18 2375]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\users\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1.8.2009 16:05 64288]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [1.8.2009 16:14 902592]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 14:49 94360]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [17.10.2009 20:31 714752]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [1.8.2009 15:11 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [17.10.2009 20:29 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [17.10.2009 20:30 256792]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.8.2009 15:58 27632]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [24.8.2009 16:53 391688]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [17.10.2009 20:29 1312584]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [23.8.2009 15:52 90112]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15.8.2009 21:36 604416]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [17.10.2009 20:31 33920]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23.8.2009 15:56 89256]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-11-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:50]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-682003330-500Core.job
- c:\users\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-01 11:12]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-682003330-500UA.job
- c:\users\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-01 11:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tattoodle.com?tid=0
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: Translate with Babylon
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\zdwvxrnz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tattoodle.com?tid={3392775D-2211-BE29-CDAA-662D033FFC9D}
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\users\Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-602162358-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1648)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1704)
c:\windows\system32\wdigest.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Completion time: 2009-11-12 18:55
ComboFix-quarantined-files.txt 2009-11-12 17:55
ComboFix2.txt 2009-11-11 17:05

Pre-Run: 6.323.359.744 bytes free
Post-Run: 6.291.828.736 bytes free

- - End Of File - - 9185D264A245A0618F5B963AAB178C3C
[ magna86 @ 13.11.2009. 08:21 ] @
dobro...ajd sad odradi ovo pa da privedemo slucaj kraju...


--> Idi na ovu stranicu:
http://www.virustotal.com

..i upload-uj sledeci file na skeniranje:
c:\windows\system32\LogonUI.exe

po potrebi isprati ovo uputstvo:
http://www.bleepingcomputer.com/tutorials/tutorial62.html

javi rezultate skeniranja (link)


[ xman25 @ 13.11.2009. 16:19 ] @
Evo Link sa Virustotal-a.

BTW u medjuvremenu sam napravio HijackThis log i automatski ga analizirao preko jednog sajta. Izbrisao sa Crawler toolbar i nakom toga mi se Mozilla otvara ali opet na pocetku izbaci prvo ovu poruku:

[ magna86 @ 13.11.2009. 17:23 ] @
Ovako...ovde nema malware-a,ali hocu jos nesto da proverim.

Skini ovaj ATF Cleaner program na Desktop
http://www.atribune.org/ccount/click.php?id=1

idi na "Select All" i nakon toga klikni na "Empty Selected"
Kada se pojavi poruka "Done Cleaning" zatvori program.


Onda...skini ovaj file sto sam ti upload-ovao uz poruku.Skini ga na Desktop i pokreni ga dvoklikom.
pojavice se log na desktopu pod nazivom showreg
kopiraj mi sadrzaj tog loga
[ xman25 @ 13.11.2009. 17:47 ] @
[quote]Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation]
"TLDUpdates"=dword:00000000
"UnattendLoaded"=dword:00000001
"MSCompatibilityMode"=dword:00000001
"IECompatVersionHigh"=dword:00080000
"IECompatVersionLow"=dword:17714975
"StaleCompatCache"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar]
"CompatibilityViewButtonBalloonCount"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e0,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e3,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e3,03,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"BackupWallpaper"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,\
63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,4d,\
00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,61,00,6c,00,\
6c,00,70,00,61,00,70,00,65,00,72,00,31,00,2e,00,62,00,6d,00,70,00,00,00
"WallpaperFileTime"=hex:8e,1d,6b,db,ac,5d,ca,01
"WallpaperLocalFileTime"=hex:8e,85,2f,3d,b5,5d,ca,01
"TileWallpaper"="0"
"WallpaperStyle"="2"
"Wallpaper"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,\
61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,5c,00,4d,00,69,\
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,61,00,6c,00,6c,00,\
70,00,61,00,70,00,65,00,72,00,31,00,2e,00,62,00,6d,00,70,00,00,00
"ComponentsPositioned"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas]
"NoOfOldWorkAreas"=dword:00000001
"OldWorkAreaRects"=hex:00,00,00,00,00,00,00,00,00,05,00,00,e0,03,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components]
"DeskHtmlVersion"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General]
"Wallpaper"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,57,00,65,00,62,00,5c,00,53,00,61,00,66,00,65,00,4d,00,6f,\
00,64,00,65,00,2e,00,68,00,74,00,74,00,00,00
"VisitGallery"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Scheme]
"Edit"=""
"Display"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Document Windows]
"Maximized"="no"
"height"=hex:00,00,00,00
"width"=hex:00,00,00,80
"x"=hex:00,00,00,80
"y"=hex:00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="cmdcons"
"001"="winnt32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\Cmdmapping]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Help_Menu_URLs]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld]
"IETldDllVersionHigh"=dword:00080000
"IETldDllVersionLow"=dword:1771498c
"IETldVersionHigh"=dword:00000001
"IETldVersionLow"=dword:00000003
"StaleIETldCache"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms]
"PSMigrated"=dword:00000001
"AskUser"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage1]
"A85DB3B00F8E4C2E6C71ADF6B7791E6E6A6B664238"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,cd,70,a1,d8,81,47,6f,1a,00,61,2f,25,99,88,8d,81,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,70,d1,ae,d4,e1,41,14,05,d6,ad,b2,20,38,df,0f,bc,\
88,01,00,00,35,dd,e4,78,e2,b7,e5,17,06,3f,25,85,c8,68,ec,7a,02,e5,18,8e,08,\
50,5f,a9,8c,69,d7,a7,c6,bd,5c,f7,67,13,41,58,20,72,ea,a0,82,43,01,2d,09,f0,\
3b,e1,a8,4a,2c,11,1e,3f,67,40,25,b6,a9,96,cb,7b,cf,9d,9d,76,de,4e,da,c8,da,\
81,f0,8c,ab,a3,5b,89,fe,c2,23,87,d6,d8,bf,92,06,58,7f,6a,93,ca,c8,d8,05,19,\
3d,20,78,4a,50,b1,87,a6,57,fa,fd,9d,ca,0b,b5,13,cf,77,e6,72,18,04,34,22,ad,\
d3,7a,cf,02,ed,29,4b,13,cd,06,43,a5,27,b0,d5,65,ce,6a,76,3c,88,8b,1e,cc,71,\
a0,31,8f,20,db,87,58,d9,7a,8a,cc,60,fb,41,35,e3,03,76,f8,55,cc,5f,3f,e2,2d,\
12,19,b2,c5,ac,1b,59,ea,b1,82,b4,e0,ce,ed,93,a0,bc,58,ac,63,35,b9,31,1b,f7,\
e4,40,9c,22,62,29,68,fa,b3,72,fe,72,ed,3e,fc,79,be,1f,09,66,5c,a5,7b,9a,0e,\
85,63,a7,77,d4,ef,50,62,7d,74,56,ff,e3,ba,6b,10,b8,43,c7,d9,02,f7,e7,54,d0,\
95,29,20,d8,88,ad,48,1d,ff,26,1d,8a,44,b0,66,59,36,35,77,fb,1f,92,b9,ef,9b,\
b9,be,39,28,50,f9,41,ca,01,56,e1,ae,9e,56,b8,30,17,a1,d3,5c,06,df,0f,c4,4b,\
7d,54,36,f5,13,c6,ea,00,b9,a5,8b,de,7e,23,cd,9b,cd,29,d0,da,a1,14,23,29,f6,\
2c,8b,84,26,19,37,6b,f2,e4,9e,e6,9b,c3,4b,61,db,17,4e,b4,13,ba,cd,87,60,61,\
90,75,53,42,b6,f3,c3,40,ed,ed,7a,a7,12,76,fb,44,94,fe,d1,0d,64,92,ae,10,31,\
e6,00,60,ea,0a,1b,70,63,67,4b,ce,01,bf,20,b0,a0,9d,7e,bf,bc,ee,14,00,00,00,\
61,dc,0b,74,70,de,a0,66,3b,9a,a6,bd,c5,a9,8a,41,10,2a,36,7d
"C6FB044EC2BD401521D6B1082276415638196D8004"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,18,0d,a3,ff,88,81,4a,bb,c7,97,\
6b,f4,02,aa,7a,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,86,3e,71,5c,b0,06,6d,2e,77,15,27,25,f4,b3,0c,01,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,af,9e,19,cc,b1,25,24,fb,b4,74,f4,7c,f4,33,a2,b1,\
00,09,00,00,80,7b,da,cb,86,16,da,b3,6e,0a,ee,88,37,1e,f3,78,51,d3,b8,1a,c1,\
f9,95,c1,aa,72,11,a2,df,08,14,9b,5b,2f,6c,ae,50,e9,33,11,d3,47,86,97,03,28,\
91,21,73,8e,75,5f,de,70,c8,d2,81,5c,6a,29,0c,5f,0d,81,df,3a,a9,6d,f4,22,76,\
26,2d,2a,a4,d7,a0,17,da,ec,e5,4e,02,ef,70,4b,7d,e6,e6,30,d1,e3,e9,25,67,f1,\
b3,4f,ec,fd,8c,81,7e,79,fe,7e,66,ed,0b,fd,7a,45,58,d6,9c,93,93,7d,67,d8,5f,\
de,13,a4,9c,29,04,8b,2c,54,03,51,d4,99,51,98,47,d6,85,e8,ef,cc,da,bf,c9,58,\
53,a9,0b,31,b9,fd,d5,7c,d7,5c,26,1e,86,54,c9,4b,a8,ad,74,b8,75,ee,1a,60,8a,\
77,ac,c9,e2,1a,a1,b2,2f,29,61,46,b6,0a,3e,5c,89,20,39,17,aa,cb,da,c1,19,8c,\
2b,1d,d8,ed,01,b8,e7,85,a2,ac,99,25,1a,89,f4,0f,df,ed,05,fd,d9,89,49,4a,9b,\
55,00,28,34,f7,b7,2d,42,33,d0,96,98,ad,aa,b3,c1,81,e0,0c,87,27,56,52,9a,05,\
3b,98,c0,c7,f0,39,25,3c,51,0c,cd,fb,f3,65,b2,fb,46,9c,b8,da,c8,32,cc,6b,ef,\
01,6e,d4,a8,45,92,4b,ae,45,d6,6f,28,b0,00,0a,bb,a5,29,ed,0a,1c,92,36,03,00,\
4a,34,fc,79,64,9f,73,3d,06,38,fd,6e,f7,63,38,bc,d9,b2,5e,04,c9,a1,96,44,f9,\
61,27,d3,ba,8d,58,aa,d2,ed,bd,59,90,36,d8,c1,ac,54,6c,6f,4a,4c,17,58,f9,6e,\
6b,bc,99,93,0a,f5,5d,b6,8e,c5,00,a8,19,20,62,c8,ac,7d,24,ae,f3,cc,f0,55,d4,\
83,97,e4,ce,97,0a,53,e8,25,b3,9c,08,b0,dc,38,d3,64,d6,c8,3d,e5,08,ba,42,0a,\
db,78,8c,a5,fe,ef,33,c0,dd,b4,9a,fb,1a,f8,c7,5c,27,1d,3f,0a,09,32,92,91,27,\
43,92,70,65,dc,5f,9c,3e,ce,c9,3c,7f,b0,13,d2,29,f8,ef,7c,c9,4e,f4,5b,f0,c1,\
fa,41,25,22,35,c0,ba,da,fe,35,42,df,eb,df,46,8c,94,ad,6a,ae,d2,54,2d,bf,27,\
54,69,ca,ba,6a,a7,d5,43,c3,13,de,35,1a,68,21,38,90,0a,f4,03,9c,eb,a7,6a,35,\
a6,bf,01,a6,ff,8a,1a,48,42,b4,8c,55,af,d0,7d,f8,ed,61,6b,4f,90,40,ff,91,21,\
35,9c,07,cd,bc,9a,00,04,64,73,b4,0e,fc,38,87,c7,ba,3b,13,28,07,3e,e5,f8,97,\
5d,6a,56,c9,e2,a2,fa,1e,eb,d2,6d,f2,f0,83,63,aa,d4,4f,d4,2d,18,ac,bd,9a,4c,\
06,30,d6,b2,7a,40,de,70,a3,07,32,dd,1e,3b,c8,b6,f1,b9,25,ed,27,f3,c6,6f,61,\
37,14,6a,3f,5c,72,42,11,ae,a1,64,19,b6,3c,a6,91,fb,1e,d3,1a,c1,11,6c,36,e7,\
bb,8d,5b,b5,d8,44,91,bb,6d,18,56,c1,39,f9,4a,13,32,79,59,5d,f8,d7,ff,66,65,\
e9,6e,42,f2,5b,e9,27,7e,c9,ef,ec,1f,0f,5a,4e,ed,f7,29,5d,87,82,52,7c,f5,9c,\
4a,d4,8e,47,ab,66,bf,16,d2,18,58,31,2b,54,f3,14,0c,15,bb,6b,ea,36,cf,94,cc,\
76,44,50,d7,db,ee,35,43,ce,73,ea,e0,55,1a,b4,4a,39,b5,39,42,61,75,fa,c4,0f,\
a6,8f,13,2f,df,45,fb,aa,b9,3b,82,90,15,0e,1e,6c,0b,60,63,1b,bd,c2,e2,3a,52,\
ac,74,71,ea,61,ba,f2,c1,a1,1a,b5,1e,20,a1,74,6e,b6,97,21,01,25,71,a4,d6,95,\
e2,2d,f6,67,66,75,e3,be,39,16,f2,97,5b,2c,bb,f6,35,99,5a,08,62,34,74,a9,8c,\
59,46,e0,5a,0b,5a,94,e8,56,a7,7f,8a,25,02,a4,67,26,d0,84,86,94,f0,f7,c8,8d,\
7e,29,c4,e5,9f,9e,d6,dc,43,b7,7e,e0,3c,ef,a0,88,25,89,e1,fd,02,3b,83,97,dc,\
4c,ec,ee,d3,18,39,81,bd,74,26,fc,52,26,9a,af,e4,7a,34,20,b9,5a,ca,17,89,9e,\
bd,ce,c0,22,66,8a,ff,58,b2,3e,94,d8,61,90,eb,9f,61,c5,1d,5e,09,94,c4,e8,a0,\
0d,55,f7,91,93,2f,3d,e5,3f,be,02,2e,59,f3,e7,3d,17,36,48,a7,93,a3,a3,26,5b,\
30,18,2f,b0,4d,46,c4,cc,45,01,ec,7a,b4,50,55,44,c7,ed,04,0c,05,ab,56,9e,2f,\
5a,24,50,70,85,ce,ce,c2,e9,7c,46,69,72,2e,1d,76,d8,79,c4,08,d7,2f,15,51,1c,\
4a,99,16,d1,22,d5,02,58,ef,9c,a3,9d,7a,dd,1d,34,22,c4,30,31,c1,4f,2e,4f,dd,\
d9,d1,94,2d,e4,97,5a,b5,0b,f2,79,d2,b3,8b,67,f6,40,fe,19,9d,b5,49,cb,95,de,\
85,dd,44,6a,ef,f1,ee,f3,03,db,98,e6,16,25,d4,40,d9,ad,39,9e,79,33,55,db,41,\
41,30,76,e2,bc,f7,c5,c3,e8,e9,8e,84,ee,63,7a,a7,4c,06,93,f8,88,03,7a,4e,8d,\
59,b8,40,21,71,8b,b5,f7,1f,20,64,2e,2f,d6,e3,60,c2,f4,2d,e3,a2,bc,d6,75,3f,\
eb,6e,42,bc,80,28,99,60,9d,9f,3a,7c,fa,10,ac,a3,94,2c,d4,85,14,9a,2e,c3,b7,\
9c,24,7e,16,b5,68,80,51,4d,58,04,0a,32,04,7a,a4,8f,6d,ec,57,f1,75,7b,e6,c5,\
d5,2a,83,ec,60,cc,6a,08,36,23,c7,80,39,ef,c8,d0,5e,9e,3b,aa,da,a2,c9,35,8c,\
88,14,a6,e8,8b,fb,1b,a7,6a,5a,17,00,bb,b6,7a,4d,e6,4d,2b,04,6c,fa,14,64,74,\
0d,99,3a,16,9e,af,6c,d8,10,9d,6d,cb,5e,87,59,1c,b7,99,92,9d,ee,6e,d2,8d,32,\
a7,fb,2e,f0,c3,4e,73,03,23,49,8d,99,7d,ab,27,86,bc,83,ed,db,d5,a7,cd,48,77,\
5f,55,66,34,f0,3c,35,ee,34,53,6f,51,65,2e,92,5b,1a,71,3e,6f,e4,cd,26,bb,b0,\
01,b5,6d,30,1f,1b,7e,1b,2c,8d,7a,d9,74,e5,75,ae,91,fa,01,44,13,8d,8e,4f,d1,\
aa,4f,bd,2d,67,06,e4,42,90,5e,2b,7e,3a,08,b5,e8,36,65,c8,b4,60,73,10,73,84,\
d6,2a,8f,9e,a8,6a,cb,0d,18,3f,f3,1b,2c,83,cd,71,34,f6,be,4c,6b,bd,a3,40,73,\
7c,23,b9,7a,06,9a,fe,cd,a9,94,8b,7b,11,8f,23,a2,44,3e,a9,ed,0f,c1,b8,04,70,\
f6,b4,83,c7,f1,fd,3a,90,c3,bb,91,c8,a8,35,87,37,8a,b7,1a,06,93,b6,b7,b9,63,\
cd,ad,44,66,f6,51,42,c8,a8,34,6f,2a,b6,5a,01,ce,c7,ee,17,b3,17,b7,99,6a,05,\
51,26,ac,85,e5,42,67,d4,32,ab,e6,02,bb,9b,0a,fd,05,7f,b8,18,ce,58,5b,ad,bf,\
e7,7f,3c,fe,5b,3f,ba,cf,7f,a6,8b,32,6c,c9,9f,f4,3c,c3,4f,f4,87,f7,ec,c3,25,\
19,6e,dd,b0,15,62,c9,e7,9d,c5,38,e1,49,98,c3,1c,d8,9e,bd,f3,6a,68,c6,08,61,\
34,07,b5,e7,67,18,a8,6b,38,c7,bd,54,28,e7,a2,ba,47,d1,18,06,f6,31,6a,ad,43,\
3f,57,6d,60,f1,dc,27,56,64,53,95,89,86,b1,2a,67,38,42,9e,d7,c6,43,f6,a3,50,\
e0,d3,a6,7e,25,82,76,09,6a,b5,7a,6c,cf,58,b8,df,e3,4e,49,91,b8,c8,ae,99,08,\
6c,17,b6,eb,a4,29,18,15,69,34,9b,68,33,51,1b,a0,d2,cf,43,e9,71,b1,f6,16,8f,\
96,e7,f5,24,89,55,6e,90,a8,5f,29,f3,35,bb,6a,93,9a,9c,4d,ed,0e,b7,ed,a5,38,\
37,cd,42,8c,67,f3,1e,e7,c0,cc,25,99,a1,c5,4f,7e,3b,d0,08,92,c1,e2,67,70,98,\
17,e8,27,45,c9,03,73,70,c0,65,71,76,3f,a7,fb,1b,da,55,a5,09,03,fc,22,c9,5e,\
5b,a6,a7,0b,97,a8,b4,fc,09,58,df,61,1a,ad,e0,f0,84,2e,63,41,fd,bc,f6,ca,74,\
b8,be,ce,98,71,93,ac,7f,40,ff,57,d1,02,20,3c,ce,cc,24,01,4e,91,ad,22,48,d3,\
b0,83,6d,74,74,bf,da,78,a3,ba,fb,6d,65,6f,c5,3e,d8,c4,a1,8c,1c,4b,b1,49,2c,\
4e,cb,aa,90,89,22,b9,fa,a9,e3,47,90,e8,b1,bf,40,80,ba,d1,16,ed,52,4f,ae,b6,\
7f,41,55,6e,94,32,5d,1d,5f,7b,11,5a,57,68,20,4a,cc,fa,58,b9,e4,aa,16,4f,55,\
90,0a,c3,89,ad,a6,4c,b3,53,e8,ba,b4,5c,b2,c0,07,b9,b1,ae,1e,07,80,d9,95,20,\
34,7b,fe,c9,10,71,8a,b4,73,60,e5,3b,13,03,c7,23,54,29,4e,4b,ff,62,b4,9b,8f,\
b1,4c,b6,b2,c8,53,89,b4,65,ab,13,1a,3d,46,2c,ce,67,6d,9d,fe,8a,61,33,19,a4,\
82,a6,c9,ce,8f,dc,83,b1,0b,22,dc,fa,0e,35,8e,db,98,01,b7,fb,3e,01,1b,9e,dd,\
e6,96,5e,07,e5,80,96,69,1d,ee,53,66,10,a1,14,2b,68,67,73,a4,42,81,fa,2c,c3,\
0d,dc,9f,2c,c9,fa,c5,22,b5,7d,da,ea,5d,95,13,a5,1d,0e,a1,1c,9c,9c,6b,68,ee,\
a2,3f,9a,fe,46,04,e8,c1,d7,5c,be,d7,ee,9d,cd,38,61,f6,bc,01,87,20,d0,1f,9a,\
f8,fb,94,8d,39,29,f5,6b,1c,90,ff,36,34,e7,eb,d2,55,d2,2a,fc,e6,9a,e4,92,c8,\
90,b4,14,4e,81,3c,9a,c4,e3,b7,3b,a3,c1,4b,da,3e,e8,fd,3c,02,6d,13,14,a3,0d,\
c0,aa,d7,23,8f,4a,8c,13,50,fc,97,e2,cc,ac,c5,59,47,6b,b6,24,77,eb,92,be,1d,\
49,97,85,8b,29,59,90,8a,54,e4,c3,25,ce,31,55,d7,5f,67,3e,c0,7b,4c,06,c8,32,\
c1,24,41,42,4f,c5,84,e2,96,97,49,c5,f3,57,f8,eb,58,80,b3,00,dc,8c,ef,53,09,\
fd,52,95,04,cc,23,67,fd,f6,a7,86,6c,74,98,24,6b,f4,9d,a1,51,e2,f5,b7,69,ee,\
4d,eb,4b,19,98,b9,11,de,9e,81,d0,e0,33,47,2a,fb,cb,c8,84,52,a4,40,3b,23,82,\
70,cd,b4,50,e2,7f,22,e8,f4,9e,bb,d8,64,4e,87,b4,4e,a3,56,c8,03,18,c2,23,fa,\
70,28,0c,a1,bb,8a,25,33,27,82,3e,73,35,83,68,00,81,35,96,ca,c1,8c,23,3b,a1,\
21,dd,8b,57,a2,d2,7a,5f,4b,39,24,40,02,c7,8a,07,1a,6e,fc,5f,8c,b5,e1,f5,99,\
7c,6b,bd,e0,f5,94,93,ff,35,cf,f6,47,71,ae,81,4c,c0,f8,85,c9,5a,b9,b5,8e,22,\
67,c0,78,d6,57,e5,51,80,54,1c,d1,da,41,ba,18,01,cb,c2,ad,24,ec,23,6e,85,14,\
74,19,bd,85,3b,9a,1c,68,db,a6,ae,67,37,5c,06,3a,c1,9e,7e,8e,04,23,af,ab,1f,\
cf,8e,10,a3,d0,92,ba,de,14,00,00,00,60,4f,14,3e,34,57,61,30,96,33,56,ce,d9,\
be,5f,67,dc,9b,7b,98
"805997E8A8B545C94D678694DD85A58B41F75F924C"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,f2,27,4b,55,70,24,ad,c5,50,a1,d7,a3,ea,34,d6,9f,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,8a,76,10,0d,b7,05,63,df,b9,2f,63,2f,c6,31,22,9e,\
50,00,00,00,a9,e7,c6,4a,67,35,c1,f1,d3,49,73,bd,80,76,56,ab,9e,8f,aa,ee,70,\
4d,70,40,b4,c1,1f,b1,ef,0c,bc,df,9e,dd,25,95,f6,1a,ac,6e,a0,ce,0a,3d,ce,40,\
b3,48,91,46,32,54,fc,fe,a3,66,1c,50,25,be,76,0b,1e,cc,c3,00,f3,17,aa,bf,0a,\
49,28,9c,7f,72,f7,68,23,02,14,00,00,00,1e,9e,74,51,e1,ce,75,c5,be,fe,31,76,\
48,12,c8,2e,f6,e7,07,98
"4A245A629AAFE61C2397B17960D4364F640ED662BC"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,b0,78,7d,59,a1,64,80,ee,1d,9b,c6,b5,b8,b2,fe,d5,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,60,e7,92,91,65,dc,ad,d5,03,1d,11,3e,73,41,b9,96,\
40,00,00,00,34,57,4a,27,b6,37,d1,28,89,91,48,93,14,24,d3,46,02,5d,6c,2d,28,\
1c,e2,31,36,3f,72,88,0a,cc,fc,05,e3,ce,b6,62,94,e4,8d,cf,36,5c,63,ac,53,ff,\
33,17,f5,f9,66,ed,23,fb,83,e8,e0,6c,c5,5e,ba,65,30,83,14,00,00,00,0a,c8,1d,\
48,23,21,d6,86,19,23,10,ee,ba,dc,15,9c,4c,9b,19,7f
"096420CE1C9A31839715B788EF20650AE3D02A535E"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,73,53,ef,23,b9,0d,ed,fa,9b,db,90,d5,05,e0,cb,03,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,04,1f,6b,ea,53,bc,0e,11,6d,12,6d,63,ce,08,7d,77,\
48,00,00,00,62,35,e2,6a,9d,ce,c6,6e,79,26,2b,0e,cc,97,8f,25,a2,32,29,df,21,\
f5,85,4c,5a,70,f4,2e,f2,c2,bf,1e,f9,ae,54,b3,ef,cb,4b,24,18,33,f1,33,25,4f,\
df,09,51,b2,d1,8d,fa,03,d5,1d,ff,12,66,a5,f4,65,90,2f,94,7f,af,90,e2,f3,7f,\
af,14,00,00,00,b0,6e,24,86,cf,e2,d7,e5,86,46,f1,9e,e4,a1,b3,85,b7,64,e2,b8

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2]
"A0E5AFCB85D41C04B28D7E3062C1EF0ACBC55CBB28"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,10,0f,a9,d5,f5,e4,e1,76,35,1d,a3,39,dc,b3,54,83,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,d5,74,37,bd,bd,dc,19,4f,d8,cc,6c,67,e9,ef,16,d3,\
20,01,00,00,0f,64,ea,be,ef,14,f2,5e,61,ec,2f,8f,46,f1,1e,94,68,63,c5,80,88,\
01,a7,ac,a0,f9,58,9a,32,1a,9d,0d,e1,1a,6d,79,3e,a8,d1,d9,02,f1,c5,46,b1,0d,\
81,ef,5e,5e,02,63,3d,e1,ed,30,6a,1e,61,c3,7a,a0,e0,38,80,c0,20,5a,76,54,c3,\
fe,f6,c0,26,c8,67,f3,3c,c2,85,23,a8,3a,9f,64,8f,b6,93,d3,26,e3,83,b5,3f,41,\
96,fe,a9,48,c9,57,c5,ed,e7,d5,98,b0,9c,23,fc,12,0d,d0,33,77,67,c4,81,cc,32,\
bb,a8,5e,ae,db,e8,32,03,c3,67,cc,f1,3f,ae,2a,9b,31,9f,65,36,f9,7d,af,4c,c9,\
bb,ff,91,07,c8,0a,a6,f3,68,38,d1,5f,4d,1d,5b,d0,75,3e,a5,d5,38,8f,99,97,3f,\
01,44,0a,02,6e,69,14,02,b3,1c,da,34,35,f4,7e,81,8f,da,82,6a,a1,8c,ea,6a,04,\
89,e4,f7,4a,c7,21,f8,d2,fa,a8,48,4f,66,6e,15,0c,48,bf,f4,9f,a8,ef,c2,2c,12,\
1f,83,41,88,aa,99,32,67,49,fa,e1,0b,5c,cc,c5,1c,f0,0c,2d,a5,8b,c5,0d,ac,7a,\
31,54,50,60,2a,9a,70,d3,e3,b9,4e,a4,57,bd,b1,2f,4d,ec,71,c2,95,b0,9f,5e,cf,\
99,98,f8,bb,ad,ab,a6,38,21,79,83,87,b2,99,59,a0,8d,14,00,00,00,dd,ef,30,47,\
9a,ad,43,76,cd,92,be,87,fe,8e,59,bf,f1,c7,34,1c
"403F235AD306782320789C14F1351CFFE4A9D50863"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,cf,0e,7e,c7,73,f5,53,48,d0,16,53,5e,15,16,cc,79,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,b0,b0,66,91,bb,a2,1f,f1,85,a0,c2,86,ae,50,82,8d,\
70,00,00,00,d0,52,f7,60,1b,38,54,8f,78,98,1d,40,75,95,01,6f,46,c8,6d,2c,8c,\
24,f4,3a,70,d9,88,b0,6d,87,3a,8a,ae,93,51,fd,64,8c,16,d9,21,d5,0d,86,c3,9c,\
90,92,85,fb,e9,c8,b8,f7,b3,35,93,d7,2f,b2,f3,da,f9,4d,bf,51,da,7d,f7,8d,4b,\
e3,83,8f,07,70,cd,fb,a0,d0,8c,6b,34,ea,72,d8,b4,56,6e,97,89,a3,46,54,0e,5c,\
5c,14,12,67,5e,35,ad,23,52,96,04,11,f2,05,bc,b4,14,00,00,00,9c,5b,39,09,ee,\
92,93,f8,ae,2f,6d,a3,c2,6d,0e,28,40,29,63,33
"F6FFE33B9EF4D7CB8F5A2F41F3222D21E131ED787A"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,a0,62,a7,a6,03,2c,99,d5,59,86,1f,ef,6d,27,58,fd,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,80,e8,ff,dd,e4,6f,18,ce,b5,6d,3e,92,e3,9b,90,dc,\
70,00,00,00,e6,1d,72,91,6c,c0,e4,2e,3f,56,b3,20,f5,ba,0e,ad,be,c7,08,7c,f1,\
bb,80,c3,fd,aa,0e,76,e0,c3,d0,bb,dc,5b,15,9c,37,97,fb,6b,59,60,28,1e,72,dd,\
63,3b,65,f8,25,cf,3a,83,6f,a4,9d,a4,c1,0f,9a,af,fb,bc,b5,b6,1a,09,37,f5,48,\
2f,a0,f9,d7,81,72,9c,a9,a3,0a,06,57,91,8b,fe,a3,b1,06,af,30,be,99,f2,e2,ae,\
2a,5f,3b,ac,0f,c6,26,65,98,35,09,35,9d,45,e8,a1,14,00,00,00,da,c8,93,39,9f,\
85,cd,fe,3f,3b,47,62,98,fb,48,3b,5e,54,c3,00
"E4CE6B2B79515319A7360D97E3B217F2FC843CC019"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,\
48,d8,b0,2f,b6,00,00,00,00,02,00,00,00,00,00,03,66,00,00,a8,00,00,00,10,00,\
00,00,93,f7,27,3b,9d,6c,1a,16,35,a9,c6,ef,66,03,ba,8c,00,00,00,00,04,80,00,\
00,a0,00,00,00,10,00,00,00,ae,6c,22,5e,40,cf,fb,94,fa,99,5a,91,ed,07,d4,7e,\
70,00,00,00,0f,ec,42,5e,6e,fd,80,89,57,99,c3,fe,d4,1c,72,f8,1b,ee,61,30,f4,\
bc,8b,24,2e,f3,bd,33,37,d3,b2,b1,a7,19,7a,f1,19,38,c3,0e,20,89,3e,19,f5,70,\
39,1b,3b,08,8b,10,7f,16,52,52,aa,60,90,b6,77,33,f7,2c,78,bc,ab,f8,2b,f7,23,\
8b,58,99,1a,59,71,df,a5,63,ce,fc,59,1d,52,50,08,c6,5e,b3,43,02,df,1e,37,80,\
9b,94,7d,95,67,86,3a,bc,3f,13,16,4f,bd,18,95,c8,14,00,00,00,26,03,24,ed,fe,\
29,1d,61,2b,85,a8,3c,fc,e3,51,13,cd,e0,a8,c0

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International]
@=""
"CodePointToFontMap"=hex:22,00,00,00,54,00,69,00,6d,00,65,00,73,00,20,00,4e,00,\
65,00,77,00,20,00,52,00,6f,00,6d,00,61,00,6e,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,\
00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,4c,00,75,00,63,00,69,00,64,00,61,\
00,20,00,53,00,61,00,6e,00,73,00,20,00,55,00,6e,00,69,00,63,00,6f,00,64,00,\
65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,53,00,79,00,6c,00,66,00,61,00,65,00,6e,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,00,73,00,74,00,72,00,\
61,00,6e,00,67,00,65,00,6c,00,6f,00,20,00,45,00,64,00,65,00,73,00,73,00,61,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,4d,00,56,00,20,00,42,00,6f,00,6c,00,69,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4d,00,61,00,6e,\
00,67,00,61,00,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,56,00,72,00,69,00,6e,00,64,00,61,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,52,00,\
61,00,61,00,76,00,69,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,53,00,68,00,72,00,75,00,74,00,69,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,4b,00,61,00,6c,00,69,00,6e,00,67,00,61,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4c,00,61,00,74,00,68,00,61,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,47,00,61,00,75,00,74,00,61,00,6d,00,69,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,54,00,75,00,6e,00,67,\
00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,4b,00,61,00,72,00,74,00,69,00,6b,00,61,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00,73,00,\
6b,00,6f,00,6f,00,6c,00,61,00,20,00,50,00,6f,00,74,00,61,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,44,\
00,6f,00,6b,00,43,00,68,00,61,00,6d,00,70,00,61,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,53,00,69,00,6d,00,53,00,75,00,6e,00,\
2d,00,31,00,38,00,30,00,33,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,42,00,61,00,74,00,61,00,6e,00,67,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,79,00,61,00,6c,00,61,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,50,00,6c,00,61,00,6e,00,74,00,61,00,67,00,65,00,6e,00,65,00,\
74,00,20,00,43,00,68,00,65,00,72,00,6f,00,6b,00,65,00,65,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,45,00,75,00,70,00,\
68,00,65,00,6d,00,69,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,44,00,61,00,75,00,6e,00,50,00,65,00,6e,00,68,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4d,00,53,\
00,20,00,4d,00,69,00,6e,00,63,00,68,00,6f,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,50,00,4d,00,69,00,6e,00,67,00,4c,00,69,00,\
75,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
4d,00,65,00,69,00,72,00,79,00,6f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,53,00,69,00,6d,00,53,00,75,00,6e,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,4d,00,69,00,6e,00,67,00,4c,00,69,00,55,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,50,00,4d,00,69,00,6e,00,\
67,00,4c,00,69,00,55,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,50,00,61,00,6c,00,61,00,74,00,69,00,6e,00,6f,00,20,00,4c,\
00,69,00,6e,00,6f,00,74,00,79,00,70,00,65,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,54,00,72,00,61,\
00,64,00,69,00,74,00,69,00,6f,00,6e,00,61,00,6c,00,20,00,41,00,72,00,61,00,\
62,00,69,00,63,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,53,00,69,00,6d,00,70,00,6c,00,69,00,66,00,69,00,\
65,00,64,00,20,00,41,00,72,00,61,00,62,00,69,00,63,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4d,00,\
69,00,6e,00,67,00,4c,00,69,00,55,00,2d,00,45,00,78,00,74,00,42,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,5a,00,00,00,20,00,00,00,7f,00,00,00,00,\
a0,00,00,00,7f,01,00,00,00,80,01,00,00,af,02,00,00,01,b0,02,00,00,ff,02,00,\
00,02,00,03,00,00,6f,03,00,00,01,70,03,00,00,7a,03,00,00,02,7b,03,00,00,cf,\
03,00,00,00,d0,03,00,00,2f,05,00,00,01,30,05,00,00,8f,05,00,00,03,b0,05,00,\
00,ff,06,00,00,00,00,07,00,00,4f,07,00,00,04,80,07,00,00,bf,07,00,00,05,00,\
09,00,00,7f,09,00,00,06,80,09,00,00,ff,09,00,00,07,00,0a,00,00,7f,0a,00,00,\
08,80,0a,00,00,ff,0a,00,00,09,00,0b,00,00,7f,0b,00,00,0a,80,0b,00,00,ff,0b,\
00,00,0b,00,0c,00,00,7f,0c,00,00,0c,80,0c,00,00,ff,0c,00,00,0d,00,0d,00,00,\
7f,0d,00,00,0e,80,0d,00,00,ff,0d,00,00,0f,00,0e,00,00,7f,0e,00,00,10,80,0e,\
00,00,ff,0e,00,00,11,00,0f,00,00,ff,0f,00,00,12,a0,10,00,00,ff,10,00,00,03,\
00,11,00,00,ff,11,00,00,13,00,12,00,00,9f,13,00,00,14,a0,13,00,00,ff,13,00,\
00,15,00,14,00,00,7f,16,00,00,16,80,17,00,00,ff,17,00,00,17,00,18,00,00,af,\
18,00,00,12,e0,19,00,00,ff,19,00,00,17,00,1e,00,00,9f,1e,00,00,01,a0,1e,00,\
00,ff,1e,00,00,00,00,1f,00,00,ff,1f,00,00,01,00,20,00,00,3e,20,00,00,02,3f,\
20,00,00,5f,20,00,00,18,60,20,00,00,6f,20,00,00,00,70,20,00,00,9f,20,00,00,\
18,a0,20,00,00,cf,20,00,00,01,00,21,00,00,38,21,00,00,18,50,21,00,00,f1,22,\
00,00,18,00,23,00,00,06,23,00,00,02,07,23,00,00,07,23,00,00,19,08,23,00,00,\
0f,23,00,00,02,10,23,00,00,1f,23,00,00,18,20,23,00,00,3f,24,00,00,02,40,24,\
00,00,5f,24,00,00,1a,60,24,00,00,6f,26,00,00,18,70,26,00,00,ff,26,00,00,04,\
00,27,00,00,bf,27,00,00,18,80,2e,00,00,ff,2e,00,00,1b,00,2f,00,00,df,2f,00,\
00,1a,f0,2f,00,00,ff,2f,00,00,1b,00,30,00,00,20,30,00,00,18,21,30,00,00,2f,\
30,00,00,1b,30,30,00,00,37,30,00,00,18,3e,30,00,00,3f,30,00,00,12,40,30,00,\
00,ff,30,00,00,18,00,31,00,00,2f,31,00,00,1b,30,31,00,00,8f,31,00,00,13,90,\
31,00,00,9f,31,00,00,1c,f0,31,00,00,ff,31,00,00,18,00,32,00,00,1f,32,00,00,\
13,20,32,00,00,43,32,00,00,18,60,32,00,00,7f,32,00,00,13,80,32,00,00,ff,33,\
00,00,18,00,34,00,00,bf,4d,00,00,12,00,4e,00,00,ff,9f,00,00,1b,00,a0,00,00,\
cf,a4,00,00,12,00,ac,00,00,af,d7,00,00,13,00,f9,00,00,ff,fa,00,00,1d,00,fb,\
00,00,0f,fb,00,00,1e,10,fb,00,00,17,fb,00,00,03,18,fb,00,00,e7,fb,00,00,00,\
e8,fb,00,00,fb,fb,00,00,12,fc,fb,00,00,ff,fb,00,00,00,00,fc,00,00,f0,fd,00,\
00,1f,f2,fd,00,00,f2,fd,00,00,00,00,fe,00,00,0f,fe,00,00,1b,30,fe,00,00,6f,\
fe,00,00,1b,70,fe,00,00,7f,fe,00,00,20,80,fe,00,00,ff,fe,00,00,00,00,ff,00,\
00,e5,ff,00,00,18,e6,ff,00,00,e6,ff,00,00,13,e7,ff,00,00,ef,ff,00,00,18,f0,\
ff,00,00,ff,ff,00,00,00,00,00,02,00,df,a6,02,00,21,00,f8,02,00,1f,fa,02,00,\
21
"CNum_CpCache"=dword:00000001
"CpCache"=hex:e9,fd,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU]
"Enable"=dword:00000001
"Size"=dword:0000000a
"InitHits"=dword:00000064
"Factor"=dword:00000014
"Cache"=hex:af,6f,00,00,44,00,00,00,b0,6f,00,00,09,00,00,00,a8,03,00,00,03,00,\
00,00,b3,6f,00,00,02,00,00,00,b5,6f,00,00,01,00,00,00,e3,04,00,00,01,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\10]
"IEPropFontName"="Mangal"
"IEFixedFontName"="Mangal"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\11]
"IEPropFontName"="Vrinda"
"IEFixedFontName"="Vrinda"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\12]
"IEPropFontName"="Raavi"
"IEFixedFontName"="Raavi"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\13]
"IEPropFontName"="Shruti"
"IEFixedFontName"="Shruti"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\14]
"IEPropFontName"="Kalinga"
"IEFixedFontName"="Kalinga"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\15]
"IEPropFontName"="Latha"
"IEFixedFontName"="Latha"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\16]
"IEPropFontName"="Gautami"
"IEFixedFontName"="Gautami"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\17]
"IEPropFontName"="Tunga"
"IEFixedFontName"="Tunga"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\18]
"IEPropFontName"="Kartika"
"IEFixedFontName"="Kartika"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\19]
"IEPropFontName"="Tahoma"
"IEFixedFontName"="Tahoma"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\20]
"IEPropFontName"="DokChampa"
"IEFixedFontName"="DokChampa"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\21]
"IEPropFontName"="Microsoft Himalaya"
"IEFixedFontName"="Microsoft Himalaya"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\22]
"IEPropFontName"="Sylfaen"
"IEFixedFontName"="Sylfaen"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\23]
"IEPropFontName"="Gulim"
"IEFixedFontName"="GulimChe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\24]
"IEPropFontName"="MS PGothic"
"IEFixedFontName"="MS Gothic"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\25]
"IEPropFontName"="PMingLiu"
"IEFixedFontName"="MingLiu"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\26]
"IEPropFontName"="Simsun"
"IEFixedFontName"="NSimsun"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\27]
"IEPropFontName"="Nyala"
"IEFixedFontName"="Nyala"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\28]
"IEPropFontName"="Euphemia"
"IEFixedFontName"="Euphemia"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\29]
"IEPropFontName"="Plantagenet Cherokee"
"IEFixedFontName"="Plantagenet Cherokee"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3]
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\30]
"IEPropFontName"="Microsoft Yi Baiti"
"IEFixedFontName"="Microsoft Yi Baiti"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\34]
"IEPropFontName"="Iskoola Pota"
"IEFixedFontName"="Iskoola Pota"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\35]
"IEPropFontName"="Estrangelo Edessa"
"IEFixedFontName"="Estrangelo Edessa"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\37]
"IEPropFontName"="DaunPenh"
"IEFixedFontName"="DaunPenh"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\38]
"IEPropFontName"="MV Boli"
"IEFixedFontName"="MV Boli"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\39]
"IEPropFontName"="Mongolian Baiti"
"IEFixedFontName"="Mongolian Baiti"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\4]
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\5]
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\6]
"IEPropFontName"="Times New Roman"
"IEFixedFontName"="Courier New"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\7]
"IEPropFontName"="Sylfaen"
"IEFixedFontName"="Sylfaen"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\8]
"IEPropFontName"="David"
"IEFixedFontName"="Miriam Fixed"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\9]
"IEPropFontName"="Simplified Arabic"
"IEFixedFontName"="Simplified Arabic Fixed"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar]
"LinksFolderMigrate"=hex:f8,f7,e0,c2,a6,12,ca,01
"MarketingLinksMigrate"=hex:d8,87,cd,f5,df,12,ca,01

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0]
"Path"="C:\\Users\\Administrator\\Favorites\\Links\\Suggested Sites.url"
"Handler"="{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}"
"FeedUrl"="https://ieonline.microsoft.com/#ieslice"
"DisplayName"="Suggested Sites"
"DisplayMask"=dword:00000004
"ErrorState"=dword:00000040
"Expiration"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1]
"Path"="C:\\Users\\Administrator\\Favorites\\Links\\Web Slice Gallery.url"
"Handler"="{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}"
"FeedUrl"="http://go.microsoft.com/fwlink/?LinkId=121315"
"DisplayName"="Web Slice Gallery"
"DisplayMask"=dword:00000004
"ErrorState"=dword:00000040
"Expiration"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33B16641-F94B-4CD0-8D2B-0633B2C35790}]
"AppName"="GoogleUpdate.exe"
"AppPath"="C:\\Users\\Administrator\\Local Settings\\Application Data\\Google\\Update"
"Policy"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping]
"{e2e2dd38-d088-4134-82b7-f2ba38496583}"=dword:00002000
"NextId"=dword:00002005
"{FB5F1910-F110-11d2-BB9E-00C04F795683}"=dword:00002001
"{92780B25-18CC-41C8-B9BE-3C9C571A8263}"=dword:00002002
"{09FE188B-6E85-479e-9411-51FB2220DF80}"=dword:00002003
"{44627E97-789B-40d4-B5C2-58BD171129A1}"=dword:00002004

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings\preferences]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"StatusBarOther"=dword:00000001
"StatusBarWeb"=dword:00000001
"NotifyDownloadComplete"="no"
"Start Page"="http://www.tattoodle.com?tid=0"
"Disable Script Debugger"="yes"
"SmoothScroll"=dword:00000000
"AllowWindowReuse"=dword:00000000
"DisableScriptDebuggerIE"="yes"
"Error Dlg Displayed On Every Error"="no"
"Friendly http errors"="no"
"Use Search Asst"="on"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\pchealth\\helpctr\\System\\panels\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Use_DlgBox_Colors"="yes"
"XMLHTTP"=dword:00000001
"UseClearType"="no"
"AlwaysShowMenus"=dword:00000001
"Enable Browser Extensions"="yes"
"Play_Background_Sounds"="yes"
"Play_Animations"="yes"
"CompatibilityFlags"=dword:00000000
"FullScreen"="no"
"SearchMigrated"=dword:00000001
"SearchMigratedDefaultName"="Google"
"SearchMigratedDefaultURL"="http://www.google.com/search?q...:en-US&ie=utf8&oe=utf8"
"SearchMigratedInstalled"=dword:00000001
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,00,83,ff,ff,00,83,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,72,01,00,00,06,01,00,00,3f,04,00,00,e0,03,00,\
00
"ShowedCheckBrowser"="Yes"
"Check_Associations"="no"
"IE8RunOnceLastShown"=dword:00000001
"IE8RunOnceLastShown_TIMESTAMP"=hex:0e,28,ea,fd,df,12,ca,01
"AutoSearch"=dword:00000000
"IE8RunOncePerInstallCompleted"=dword:00000001
"IE8RunOnceCompletionTime"=hex:36,7f,39,20,e0,12,ca,01
"IE8TourShown"=dword:00000001
"IE8TourShownTime"=hex:90,e1,3b,20,e0,12,ca,01
"Use FormSuggest"="yes"
"AutoHide"="yes"
"RunOnceHasShown"=dword:00000001
"RunOnceComplete"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default Feeds]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default Feeds\{6CE678ED-51A5-46A1-97B3-C6FAD09C05BF}]
"Title"="Microsoft Feeds\\Microsoft at Work"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default Feeds\{FFBF176D-9FC4-4AD2-8A25-2060C1471B9C}]
"Title"="Microsoft Feeds\\Microsoft at Home"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"iexplore.exe"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch]
"Version"="WS not running"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver]
@="res://C:\\WINDOWS\\system32\\GPhotos.scr/200"
"Contexts"=dword:00000022

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@="res://C:\\PROGRA~1\\MICROS~1\\Office12\\EXCEL.EXE/3000"
"Contexts"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon]
"Contexts"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with &Babylon]
@="res://C:\\Program Files\\Babylon\\Babylon-Pro\\Utils\\BabylonIEPI.dll/Translate.htm"
"Contexts"=dword:00000031

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon]
"Contexts"=dword:00000031

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows]
"PopupMgr"=dword:00000001
"UseSecBand"=dword:00000001
"BlockUserInit"=dword:00000001
"UseTimerMethod"=dword:00000000
"UseHooks"=dword:00000000
"AllowHTTPS"=dword:00000000
"PlaySound"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
"PopupMgr"="yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup]
"header"=""
"footer"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"EnabledV8"=dword:00000001
"ShownServiceDownBalloon"=dword:00000001
"Enabled"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active]
"{8E55531A-CEE9-11DE-8171-0019DBCFF6B1}"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"Version"=dword:00000002
"DownloadUpdates"=dword:00000001
"UpgradeTime"=hex:8e,c6,31,2e,e0,12,ca,01

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}]
"DisplayName"="Fast Browser Search"
"URL"="http://www.fastbrowsersearch.c...}&c=web&s=DSP&v=19"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
"DisplayName"="Crawler Search"
"URL"="http://www.crawler.com/search/...w={searchTerms}&tbid=60341"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96BDF774-D93B-4C8B-A9C8-2489CE78030A}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q...:en-US&ie=utf8&oe=utf8"
"SuggestionsURLFallback"="http://clients5.google.com/com...utputencoding={outputEncoding}"
"FaviconURLFallback"="http://www.google.com/favicon.ico"
"FaviconPath"="C:\\Users\\Administrator\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\Services\\search_{96BDF774-D93B-4C8B-A9C8-2489CE78030A}.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A97EFA14-6666-414B-A6FE-DE324525EFC4}]
"DisplayName"="Yahoo! Search"
"URL"="http://search.yahoo.com/search...ype=374563&p={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
@="http://www.google.com/keyword/%s"
" "="+"
"&"="%26"
"+"="%2B"
"#"="%23"
"?"="%3F"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\AV]
@="http://www.altavista.com/sites/search/web?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\FM]
@="http://www.filemirrors.com/search.src?file=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GGL]
@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\MSKB]
@="http://support.microsoft.com/?kbid=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\MSN]
@="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security]
"Sending_Security"="Medium"
"Viewing_Security"="Low"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\AntiPhishing]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2]
"UserFile"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,\
00,00,00,13,18,0d,a3,ff,88,81,4a,bb,c7,97,6b,f4,02,aa,7a,00,00,00,00,12,00,\
00,00,55,00,73,00,65,00,72,00,46,00,69,00,6c,00,65,00,00,00,03,66,00,00,a8,\
00,00,00,10,00,00,00,d7,2a,d5,c0,f1,a5,9b,1a,ef,32,29,2f,d2,5b,42,39,00,00,\
00,00,04,80,00,00,a0,00,00,00,10,00,00,00,52,54,51,2d,5b,c6,f9,1c,fa,b7,da,\
ac,0e,f9,8c,a7,10,00,00,00,95,7a,51,1b,8c,6d,e4,4c,6a,9c,51,bc,c8,65,7a,5d,\
14,00,00,00,09,4b,d4,4f,87,89,5f,4b,4f,0b,77,da,bf,1e,9e,e7,2e,50,06,34

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D]
"UserFile"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,\
00,00,00,ea,a0,9b,f9,2d,65,b0,4a,8f,64,f9,48,d8,b0,2f,b6,00,00,00,00,24,00,\
00,00,53,00,6d,00,61,00,72,00,74,00,53,00,63,00,72,00,65,00,65,00,6e,00,20,\
00,43,00,61,00,63,00,68,00,65,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,\
fa,3d,57,6d,e2,52,e1,df,2a,d0,34,e2,1e,bf,4f,83,00,00,00,00,04,80,00,00,a0,\
00,00,00,10,00,00,00,57,89,85,14,14,08,dc,d7,78,fa,d4,e0,f1,f6,93,07,18,34,\
01,00,46,4e,41,a3,80,90,2c,1b,03,d5,75,06,32,f7,33,ff,e5,96,b0,b2,7a,b0,63,\
6f,f1,0e,80,c2,89,f5,76,4a,c9,ec,e6,d4,23,b5,8c,52,30,2e,c6,0a,4c,e5,dd,5a,\
74,dd,da,01,fb,79,6b,8f,d7,5f,93,50,ef,ab,62,01,8d,5b,50,ed,76,b1,9b,a1,45,\
3c,08,a9,8f,3b,67,aa,bf,ba,ee,17,76,f6,61,30,72,bb,5f,a8,3a,1e,92,21,d1,fd,\
32,64,1e,bc,3f,91,97,4b,5a,40,57,e9,fc,3b,4a,4e,73,c4,e8,6b,d1,ad,18,7d,18,\
d4,3a,63,40,d3,22,19,b5,63,2f,a8,d1,cf,3d,0b,f6,a1,b8,6e,9a,81,0c,63,f7,f5,\
10,ed,a0,c7,14,d5,48,33,84,ee,e9,03,a9,b6,0d,46,29,0b,e8,05,d8,b6,20,9b,44,\
2f,dc,39,ba,04,b1,4e,4e,03,2d,ba,55,cf,68,ad,96,92,fe,02,14,ee,ac,b1,99,94,\
cb,e4,4d,12,37,84,5e,6c,3e,ca,0e,f1,60,f1,af,ba,7a,7c,cc,71,ec,1c,14,67,8c,\
7e,38,b7,a9,d9,2f,6c,c3,3b,0d,85,e5,27,ed,11,f9,94,12,d0,0a,03,a9,de,0b,36,\
ce,96,b2,1c,15,5e,b8,7d,6d,c6,45,e2,a7,3d,7e,36,28,c0,4b,89,64,e9,b7,12,b5,\
21,da,8c,a6,50,0e,47,6e,b3,a5,94,0c,8a,37,24,f5,6f,9c,2a,93,ff,17,ce,ab,58,\
bc,9d,94,38,98,eb,80,a7,9b,ef,92,6c,65,47,f9,e1,42,9b,7c,98,8f,83,6b,80,77,\
29,a4,7c,78,a8,d3,83,8b,d6,2b,5e,70,de,65,9f,e8,b9,a4,1c,05,ae,32,15,9e,20,\
dc,14,b8,a8,13,0f,9d,bf,e0,3a,3f,8d,c4,60,39,9a,8e,82,bd,ee,d8,38,90,91,4e,\
0f,08,cb,bf,7d,06,a1,76,89,6b,99,75,2e,d8,52,e0,bd,d1,02,29,e4,b2,b8,f0,79,\
89,d9,4c,22,2e,6e,25,3d,e0,c2,08,58,97,0a,4d,57,f9,5f,02,f4,a0,2e,09,65,8e,\
d0,91,d1,21,b8,0c,55,aa,c9,13,be,0b,db,57,38,ad,e0,b9,e9,66,d7,44,ab,21,14,\
f4,c3,ae,45,c6,08,5c,c0,cd,8e,cc,5b,a1,87,3a,ea,a1,2a,bc,7b,14,05,22,23,ea,\
d7,74,c5,80,20,53,f1,4d,47,f8,83,54,43,39,2a,c0,90,be,22,93,47,1d,28,99,c6,\
9c,4b,0e,17,d9,fb,6c,93,fa,a6,7f,4c,7d,e5,f5,82,3a,48,41,28,9e,8b,5f,b0,ff,\
d2,1a,76,da,2a,d8,a0,28,bd,06,81,ed,2b,91,a7,43,bc,73,1f,e2,d6,18,3e,b2,39,\
28,a9,1a,0f,24,c5,71,2a,84,ac,5c,d4,4b,5e,e8,ef,0c,84,1b,27,94,e7,d7,10,39,\
d1,2a,73,a6,5d,75,23,23,73,4c,34,15,c3,f0,c7,22,9e,28,b7,d2,a3,aa,c1,a5,99,\
4d,52,9b,13,8f,c7,9c,60,1c,b7,64,e0,57,07,ab,3d,99,65,d8,41,7b,8d,f8,39,ea,\
45,c8,84,47,68,4f,14,36,77,59,68,dd,0f,41,1b,e2,88,18,7d,52,a4,42,04,7e,a3,\
de,3e,b2,3f,67,a3,e6,8e,97,56,ff,ec,f8,a4,9e,aa,a5,53,3d,6f,a6,34,ab,81,7a,\
5e,8a,5e,f6,a9,02,d8,93,ce,db,b5,f7,8c,b2,ac,9c,79,4b,50,3a,ae,a9,1e,ba,85,\
f9,8e,ad,d5,eb,75,3b,a4,79,34,b0,a2,77,34,8a,f6,dd,4b,34,e1,bf,df,54,eb,ce,\
24,64,64,18,1a,49,a7,74,29,61,b6,29,44,fc,5b,74,18,64,ea,8d,0d,fb,0d,70,b9,\
a4,d1,84,5f,d0,74,7e,bc,1a,df,f3,1d,55,9b,12,63,46,46,6d,fd,f5,18,14,aa,8a,\
26,81,dc,be,02,46,42,3c,99,05,ef,78,57,34,81,ed,d9,dc,7f,77,82,c4,83,f7,46,\
97,4d,77,6d,48,9e,bf,36,ca,ee,05,eb,af,2f,f9,91,1f,5c,69,ad,bb,d3,ce,f0,f5,\
2f,bf,e1,e6,67,c7,d5,e9,fb,07,1e,42,28,cd,14,e8,01,b7,de,69,47,3e,58,38,2b,\
ea,d3,2a,d7,0c,8e,74,cf,00,5c,b9,0b,12,ca,ad,38,6e,1f,09,83,af,98,dd,25,35,\
01,27,84,2f,82,c9,10,68,00,60,dd,98,b6,1c,ea,64,8e,47,a1,6a,ae,ed,6d,95,8e,\
df,4c,90,38,7c,6b,6b,b1,61,b5,e3,26,7f,c0,00,e7,67,c9,b5,63,f1,8d,a6,99,dd,\
fe,34,d4,0d,97,c5,94,db,bd,40,cb,6a,97,25,39,d1,66,cf,03,a7,ba,08,23,ed,78,\
c6,4f,86,dc,43,1e,50,5f,63,04,99,92,d9,11,a0,ca,44,2c,01,e6,1d,e8,ea,72,1d,\
98,43,88,0a,b8,30,18,05,86,11,22,77,61,5f,ad,01,21,94,87,9d,ba,0b,0a,d6,13,\
80,b5,c7,0f,ee,43,26,fb,75,30,c2,93,92,c2,11,13,e5,8c,a0,fb,40,8d,d2,0a,0d,\
cb,25,5a,8f,33,8a,0a,b1,01,bb,8e,db,20,47,b9,5a,6d,06,36,ca,3b,85,ce,3d,fe,\
f9,a4,d0,7e,38,ea,d3,c3,02,25,70,ab,d3,2b,47,fe,d9,22,57,26,eb,32,fb,a9,76,\
4d,82,a6,37,f5,61,2c,5d,83,4a,dc,db,48,e7,58,90,d2,64,b8,5f,97,67,42,78,2b,\
43,28,d8,e9,53,49,75,07,1a,fe,98,a1,c5,77,7e,44,46,08,fe,2b,dc,a6,ae,07,2f,\
a8,10,cb,96,ad,40,9d,ec,97,34,59,c1,e3,2d,d6,a7,ab,d2,30,f4,c3,a0,b4,22,73,\
80,2c,f1,c3,ee,ba,be,79,07,ec,a8,37,fe,ec,63,4f,f6,5b,cd,b2,04,2d,50,10,27,\
12,f5,5d,2d,3c,91,72,08,c2,bd,3a,92,b0,ff,7e,37,6e,0c,d5,e2,1a,e6,9a,35,6f,\
01,bd,36,f0,57,ff,12,81,62,f2,83,98,c0,70,f1,11,83,5b,66,86,1c,a0,43,a8,21,\
5a,c7,e1,f1,c0,09,c2,11,42,34,1d,13,81,da,d4,42,51,4f,81,8e,74,c4,0a,b0,ed,\
43,10,78,3f,43,dc,2e,1f,0f,c6,78,60,14,b8,b8,92,8e,64,cd,f7,c4,07,a0,2b,84,\
2c,04,e8,4f,e5,95,37,06,eb,fc,86,c8,27,f5,e4,b4,ce,fd,04,2f,cd,cf,fb,c9,5c,\
bd,be,c3,63,43,d5,2c,d4,5e,cb,93,fe,44,ef,e9,97,af,aa,36,f5,8e,6f,85,53,92,\
d2,ad,a6,c7,e8,32,c7,c7,eb,da,8d,11,c7,9f,1e,e2,2c,46,2a,1d,94,b7,f4,3f,d2,\
b6,18,5c,26,42,0d,c0,43,b6,b9,4f,28,1d,f1,c7,c5,35,1b,47,d0,b8,23,51,2d,2c,\
80,13,69,f2,6c,d1,29,07,6b,b3,36,4e,03,f4,00,9c,01,a0,14,8e,8e,02,26,fa,6a,\
4b,5f,38,cf,2c,af,57,a6,44,5b,68,3c,d6,a2,61,79,82,55,1b,8e,79,48,d6,15,6f,\
cb,02,be,26,04,99,de,44,ba,f6,1a,98,49,8e,a7,06,e0,71,e6,15,92,0d,77,4d,b3,\
eb,9d,13,73,c4,1c,78,4a,d8,7a,ca,e1,98,51,ba,e2,f9,27,bf,38,6e,3f,bf,64,e4,\
ec,4e,32,7a,0b,d1,0d,8e,af,d3,ac,af,e7,f2,bb,aa,2f,cd,b1,f1,3e,9a,59,c0,de,\
59,c6,fd,61,a4,da,a8,53,f0,cd,75,05,32,51,9e,af,90,ef,51,b4,94,c0,aa,14,47,\
72,31,74,05,55,26,28,6b,0b,35,e6,85,d3,79,73,cf,d8,c1,af,ef,af,28,93,49,b2,\
26,90,df,d6,96,95,8b,88,18,07,17,a8,5a,e9,37,62,f5,31,c5,09,bf,ef,11,40,6d,\
3a,42,32,94,2c,3e,bb,ad,9a,fb,04,ae,dd,6b,37,40,3d,45,e7,19,a4,b6,89,04,07,\
75,bc,15,b7,a1,73,c9,b7,e9,d8,02,21,52,91,2c,ce,97,f1,42,91,fd,ee,1b,22,ed,\
5e,b2,d1,ce,6f,5f,84,5f,77,88,fe,7f,69,5a,11,dd,e3,de,b6,ea,91,c6,d7,19,cd,\
dc,47,65,6f,b5,86,f7,74,c2,58,11,d2,c0,b6,a1,69,52,fd,26,08,d3,fd,81,df,64,\
c7,45,58,ed,87,7b,b5,a9,e3,2c,19,dc,56,05,b2,c9,64,df,d5,3f,29,43,a5,f7,de,\
9c,dc,73,4b,cf,b7,a0,35,ac,a6,e6,37,14,dd,ef,f9,35,b8,8b,bd,f9,d8,a7,3c,08,\
be,fd,50,0b,ce,9a,bb,6a,8c,c4,4e,ed,d0,51,87,15,be,4f,2b,41,34,b1,5b,0d,d8,\
ce,d0,16,70,05,71,15,a9,c3,e4,ca,3a,ad,ae,90,4d,fa,4a,b9,84,d1,4f,f6,2d,0a,\
43,2e,39,ff,49,ab,4c,4d,bc,66,36,3f,e8,e3,b3,4e,51,f4,3d,34,6d,d2,a2,d1,0b,\
59,b2,81,07,09,77,22,63,c9,74,ff,19,ae,61,0a,6a,0e,25,3e,7e,d0,cb,a4,b3,8d,\
b8,d6,ac,04,ac,59,02,5b,38,26,81,31,80,37,2c,50,7c,75,f5,5c,95,a7,fb,cc,ec,\
e0,7a,17,19,ff,cb,1f,1d,4a,15,6b,43,d3,2c,e2,4f,fb,50,be,2b,51,c1,7b,2c,3b,\
01,74,97,be,27,1f,ef,c8,fa,9d,9b,e8,62,e1,fd,5c,5b,87,7f,0b,a7,21,b9,d4,6a,\
dd,44,ee,ac,f0,ff,0b,d8,88,fd,7e,77,b7,f0,2c,93,c4,45,98,c7,4b,1d,73,13,9f,\
a2,8c,0d,86,9e,eb,a2,a1,fc,21,8d,2c,44,e5,e7,38,8d,99,4e,3b,80,a8,0a,2a,16,\
b9,1c,16,0f,68,ea,52,53,05,fa,c6,e2,c3,fd,fe,e1,65,cb,ba,10,2a,6d,0c,05,0f,\
e0,59,c1,39,cf,4a,bd,87,e8,cb,15,c3,92,d0,d5,a5,36,f0,c0,9d,32,83,0d,76,4a,\
04,e8,5a,31,6b,98,3c,15,46,32,b5,de,74,13,62,71,46,fb,93,d9,8d,36,6c,4f,7b,\
5f,e2,c3,2f,c7,02,2e,ad,c3,a6,88,1e,ee,32,45,08,6a,3f,43,97,28,a8,65,07,cf,\
e1,23,69,18,a2,60,c4,6e,de,40,53,d7,40,17,d0,3d,44,67,c4,17,f9,16,81,d8,d4,\
1b,95,ce,fd,71,5a,24,1f,5b,40,f8,88,26,1a,9b,27,2a,e0,a4,d6,ab,a7,87,a5,eb,\
eb,38,1d,ea,c5,f3,59,5c,e9,b7,ac,d3,d0,f1,40,71,69,90,64,9d,c9,e4,69,98,9c,\
b5,33,17,93,c5,99,07,d1,1a,47,01,7a,81,54,36,98,5b,2b,1c,a2,94,15,f5,0a,96,\
76,34,49,e3,5f,27,2d,48,46,92,11,01,2d,52,a1,58,ea,67,82,c6,d5,ae,9a,80,4a,\
1d,61,bf,f6,e2,2b,c4,2c,dc,b7,6b,12,81,2f,c9,36,0a,bb,a3,a0,a7,c5,c9,c6,da,\
ae,65,a4,da,89,b3,8b,fc,9b,50,3b,c3,1f,2e,f2,16,4e,c1,b3,46,69,8a,12,2b,fa,\
a7,4b,94,30,cd,cb,ba,fb,28,83,3c,68,43,c9,31,c9,fb,1f,63,bb,63,7d,a3,d2,55,\
5a,33,7e,d2,e8,d9,03,3b,b8,58,8c,f9,3e,8c,78,7f,3f,52,26,7b,b8,c6,f4,71,e6,\
a1,09,41,ae,75,4e,e2,f3,0f,15,8e,3a,bf,95,c3,d1,0c,46,2c,97,15,7a,a0,3d,1d,\
01,5e,a6,0b,df,22,d8,a4,b9,7b,b3,14,53,7c,6a,da,f3,de,04,ae,dc,50,05,1b,70,\
d7,b7,6a,6b,ff,28,51,e0,41,20,ea,97,cb,8b,7b,da,b7,cc,e2,a4,db,55,2d,8d,6c,\
98,7f,f6,ab,0c,ef,be,f4,6e,2f,f8,19,20,3c,e0,06,a9,82,76,14,65,6e,4d,0c,79,\
1c,5a,7a,28,49,50,2f,e3,ee,78,91,3e,0e,48,ab,e0,d6,7d,25,d2,e4,48,83,20,45,\
66,30,ba,7e,c4,82,d9,d4,5a,fe,11,d0,a6,ae,7d,25,2f,26,dd,66,bd,6f,fa,a8,77,\
43,5b,d3,9c,6a,cb,84,5e,9d,3b,2e,d1,37,09,ad,a1,45,1a,6b,57,9d,a1,8a,d7,a1,\
0f,3b,68,ee,2f,eb,86,c6,5e,d5,3c,65,0d,88,b3,0a,90,04,9e,dd,ff,1d,4d,80,ee,\
cb,32,6a,b7,13,51,13,a0,5f,9c,87,13,94,da,6c,92,2b,87,71,b9,26,2c,50,bb,09,\
a0,b9,5d,09,82,d2,d3,5c,c3,9a,ee,c5,4d,eb,9a,b2,d8,47,24,d0,07,fc,52,bd,aa,\
e4,ae,29,e7,dd,a3,06,19,30,4b,40,79,42,5f,f1,df,fc,21,8a,4f,67,94,35,f0,a8,\
be,b4,70,0f,5b,39,6e,fb,cb,0f,83,50,02,e2,32,fe,75,e3,34,70,3e,c0,4c,50,c0,\
e5,a1,a3,d0,a3,b1,5e,c7,46,c0,33,0b,37,13,56,7f,6f,0f,17,0c,b1,68,60,21,86,\
13,75,4a,ab,00,63,4a,77,b5,fa,5c,8d,b5,b2,bc,82,58,bb,29,f1,2f,ae,6f,28,2f,\
1c,4b,b2,bb,69,dd,b3,71,97,9a,ac,eb,ae,17,6e,23,82,f7,a8,a3,0d,69,20,e0,2b,\
6a,dc,c0,36,7f,5e,59,b7,e2,08,2c,d7,ac,fd,a4,ca,26,b5,07,3c,61,66,7c,d5,2f,\
eb,60,26,53,f4,a5,5a,24,04,2a,80,d4,84,11,cc,76,f6,b7,78,ca,be,72,aa,c2,e7,\
34,4e,5a,92,17,39,f2,0e,58,75,74,09,f0,f4,e7,0d,2d,91,2d,d8,fd,18,9a,69,8c,\
f8,2e,35,24,08,b8,3b,95,d3,b7,a3,f4,25,e5,66,d0,ff,ec,92,96,b5,06,8d,20,2b,\
25,b6,35,3c,9c,72,25,81,b7,c1,56,4b,95,be,17,d7,82,9d,07,c8,69,11,34,35,fb,\
ec,5a,cd,78,41,8a,c1,d1,ec,71,c4,c6,5d,a7,99,17,1a,fd,20,df,43,98,31,48,0e,\
db,d4,9b,0d,07,c1,1b,5f,31,d7,a1,de,6f,6e,67,4f,3f,95,1d,ca,e2,ca,57,06,7e,\
32,2a,40,7f,a4,2d,6a,57,a1,f4,65,c7,e9,2f,0b,72,60,6d,9a,cf,bb,d0,eb,2f,6b,\
1a,36,54,03,60,3a,51,55,fe,87,6d,be,c2,d8,ac,70,f9,6d,2e,9a,c0,92,bd,e1,16,\
2f,6f,a9,fa,13,0f,1d,37,b3,d8,31,56,64,87,5d,ba,8d,a7,64,64,69,e1,8e,25,85,\
c1,59,e2,85,8c,68,0d,28,59,a5,39,28,1c,5d,4a,46,ec,e4,59,84,13,e4,19,46,11,\
ea,6f,9f,c2,bf,96,64,e4,d6,0a,81,cc,b0,62,f0,6c,74,1e,de,a3,23,41,c8,f4,a3,\
cc,8e,1f,b6,ae,86,bf,b1,0b,22,aa,74,30,0a,d0,a9,1d,eb,94,78,6e,0f,2c,08,08,\
c3,1d,3a,8a,2b,88,b0,64,d5,95,9b,f3,e5,8f,fc,e0,df,2c,14,2a,e1,2d,2b,19,17,\
1a,67,3c,74,e7,95,be,fb,d6,6f,01,69,a5,56,70,44,0a,a7,d8,58,e4,c6,7e,63,65,\
53,6f,8d,5f,3a,82,be,a2,b4,4f,af,3c,b4,82,4b,9c,75,e0,4d,47,ab,ba,1e,2f,e8,\
a9,dd,ba,43,3d,e1,e7,03,bf,0e,ce,97,97,55,81,c7,fa,39,0c,76,6e,e4,b1,df,b8,\
c2,99,2a,c9,27,83,3b,02,3c,a3,fb,1b,aa,58,92,c8,c3,59,d8,3b,5f,5b,cd,84,56,\
7c,8c,29,6d,9c,66,e2,04,e0,5c,28,9a,6e,12,6d,34,d7,12,5f,01,cd,e9,97,c2,25,\
2e,4d,47,9f,03,a7,62,ea,81,f5,b7,9e,2e,0f,4c,43,ef,f3,bf,e3,26,c0,42,c4,fc,\
c6,c8,12,74,d3,ec,e4,03,e3,cf,8c,85,0e,c1,3d,3f,56,66,2b,b8,33,da,eb,c6,99,\
f5,f7,a2,48,e4,b2,dc,89,b6,f6,a0,85,db,b8,85,45,2d,8e,2c,84,ea,10,1e,9e,5f,\
13,10,92,47,16,db,90,c2,a3,b9,5a,bc,bd,a2,9f,bb,b8,f4,e2,e1,fb,7e,96,f3,c3,\
29,59,19,70,e2,4a,3a,40,df,e4,cf,d2,e3,ee,cc,f6,06,d3,dc,83,01,2a,36,20,89,\
50,aa,0c,fe,59,0d,e2,cd,50,d1,81,c3,bd,ce,78,1f,5c,73,20,3a,80,cb,76,c4,25,\
90,bb,71,13,f7,36,1f,54,e2,09,49,f0,b2,65,4c,70,4b,32,82,71,e6,97,c0,7d,4f,\
31,46,42,51,1f,cc,61,ba,7c,c5,e7,95,7e,51,6d,39,96,39,ba,46,98,6c,c4,61,99,\
26,a5,cd,32,a8,6a,7e,48,45,e9,61,b0,cf,50,b2,a8,d1,55,fc,2e,2f,cc,9e,e8,b5,\
88,6c,d1,06,41,3f,2c,0f,fb,b1,d4,8d,f3,1a,23,15,bc,57,72,7a,24,c6,d7,51,8d,\
6e,b8,72,7e,40,94,4b,b5,e7,5f,5f,84,10,b2,33,86,c3,fa,2d,a0,ae,7d,f9,2b,51,\
79,94,f5,7b,f8,5b,b8,e0,f6,5c,0e,d2,fd,0e,19,b0,94,65,10,14,13,aa,4d,dc,33,\
b3,bf,c6,fc,d9,77,57,e0,e5,b3,ef,4d,5a,30,70,1c,21,08,47,5c,9a,71,b2,3c,2e,\
8a,ac,90,ab,3a,cf,58,46,73,f8,88,c1,c8,bf,82,80,05,25,e4,3c,8f,8f,e3,2f,b7,\
d9,16,df,29,fd,bd,fb,b3,78,20,40,bb,fb,37,04,fc,db,9c,40,75,0a,17,0c,48,3e,\
ba,9c,cc,c6,a2,08,7f,1a,77,c6,bf,4f,98,00,c7,a3,0d,36,e3,76,a5,a6,81,c3,17,\
b4,3e,47,d3,cb,45,b2,26,21,3b,13,7c,a6,05,0d,06,de,75,95,f3,e6,7b,cf,07,42,\
ed,57,ad,73,b7,f1,31,72,b1,dc,73,88,75,dc,ef,3e,af,bc,f3,21,fa,b1,71,6e,63,\
50,6b,0d,fd,02,87,67,a6,ae,9c,37,b4,c8,02,82,86,0e,9e,05,dd,13,01,02,02,af,\
53,af,70,f5,90,d4,d9,00,8b,97,b4,af,39,53,a2,73,10,d7,b4,da,5f,86,d0,46,a9,\
7b,b8,9b,22,ed,b3,a7,5d,dd,1c,7b,2c,5d,09,4a,cd,46,4c,56,75,6d,78,b3,69,cd,\
92,b3,9d,f6,73,4c,ab,0b,07,dc,ca,c8,f6,92,ca,35,34,c9,10,29,1e,fa,2b,51,e9,\
1d,b6,fa,3c,45,0d,54,a3,8d,5e,a0,59,8c,76,08,c2,a4,b7,b8,43,1a,ed,0f,7d,dd,\
94,f9,d8,02,ac,89,e8,ed,e0,64,e8,57,e0,02,42,05,ca,78,43,eb,99,4a,fe,5a,36,\
3d,8a,e7,93,5b,2f,86,d9,b0,ee,7c,b9,8a,57,a5,3c,8e,bc,84,ab,6c,04,13,55,de,\
27,40,2a,45,cb,83,b3,c8,ee,90,5c,3a,2e,5e,4f,3f,c2,63,45,17,59,df,d1,5c,7b,\
eb,b0,c9,44,6c,95,24,9b,75,1a,67,03,39,be,93,54,2a,26,c3,79,9f,98,1c,fe,1b,\
8d,60,92,13,e2,49,be,f5,c3,32,ac,b5,e7,ce,73,de,82,41,15,89,29,5a,b1,0f,96,\
87,fb,1e,ff,a0,d7,8c,4d,64,37,79,f5,c9,bb,47,0f,76,45,d9,16,ca,76,cd,5f,45,\
59,2b,f3,2f,eb,9b,48,6c,70,09,d3,81,1d,7e,a4,0a,07,05,30,d3,c9,0c,1a,8f,57,\
32,e0,47,38,39,dd,e2,b6,fa,5d,b4,49,d4,cf,d5,4c,f8,b5,10,43,ca,0f,2d,58,26,\
1e,9f,40,1c,f9,c6,ad,7f,49,e7,ea,9d,a9,ec,e4,45,c8,76,6f,2c,4d,57,a6,e9,d6,\
0a,62,52,f1,f8,de,6a,5e,93,bc,e3,4f,89,d0,cd,e5,3a,07,6e,fd,8f,c5,2a,b1,bd,\
e4,eb,a5,1c,14,65,98,75,b6,1c,02,a7,88,9c,56,3c,f8,6f,a2,4e,1b,c2,3c,f2,ee,\
8e,08,5c,78,0e,26,43,b5,9a,47,a7,dc,e4,65,2d,6f,4c,6e,1b,d6,45,64,4c,fd,05,\
9e,79,3c,c3,34,5b,98,43,51,9d,6d,08,8e,a1,c6,7c,ac,3f,58,c3,08,7a,38,fe,1f,\
1b,0d,ac,93,75,78,d2,cc,d3,a0,3e,bd,a2,06,88,f5,0b,75,dc,45,ec,a6,09,fc,62,\
bf,6c,a9,cd,1c,02,a7,6f,91,0a,fb,8e,1d,f4,f0,70,16,6b,b5,3d,c5,29,5a,04,e8,\
49,60,d5,53,47,5e,41,ad,03,fd,ff,e3,9c,be,99,78,8f,84,c6,2c,11,a7,e2,98,7a,\
77,cb,da,10,51,f5,70,15,2b,e3,fb,16,b4,5d,ca,42,85,b1,a1,72,22,f6,68,1c,9d,\
1d,fd,ad,be,0f,af,5d,27,2e,27,8a,5d,b4,c7,8c,e9,9a,2c,86,4c,46,01,9d,4d,45,\
f0,25,64,61,27,71,cf,db,b3,2a,35,7f,bd,97,7d,3d,61,38,43,8d,1c,2c,38,ce,86,\
8b,81,ba,00,0f,64,8a,e8,82,38,70,fa,16,79,b3,6c,fd,8c,7c,08,2b,b6,46,61,0a,\
4c,c4,95,e5,80,e1,e8,07,f0,a3,41,e0,ae,2b,48,e3,f5,b8,b6,e6,ac,c6,54,28,d7,\
7f,54,5b,e4,be,83,02,62,9d,0b,ed,e8,45,6d,3d,52,c8,ba,5e,a9,a8,0d,e9,85,83,\
46,19,82,6e,de,bb,07,51,67,ab,cb,42,68,29,51,42,08,f0,6c,6f,38,d1,74,6d,de,\
ba,a9,83,9b,99,78,c6,cb,25,9a,c2,9b,ca,8a,a7,f1,23,ef,44,4a,0a,f4,34,1c,a1,\
73,3d,ac,4f,5c,69,25,8b,83,c2,85,05,7d,8b,1d,ff,51,a9,62,84,5f,f6,79,52,8d,\
87,9b,77,b6,bf,40,c4,f6,8e,1e,05,62,c9,4e,2f,3a,f8,24,48,c8,93,0c,06,3a,93,\
85,87,ec,5a,e0,19,19,73,69,a8,37,d7,66,b4,6d,cf,7d,8b,9e,ef,1c,5e,85,05,b3,\
08,9e,74,d4,b3,2f,9e,8e,02,52,c0,7e,97,ac,00,37,36,75,af,f8,0e,e8,03,a6,aa,\
32,d4,b7,f8,76,19,78,b6,48,9b,86,7a,a7,48,76,91,b3,a0,d9,85,71,c4,74,d8,1b,\
df,4b,24,a0,78,3a,af,79,e3,0c,bd,5a,ae,d0,dd,51,58,a6,e1,5e,60,b6,5b,a4,bd,\
2e,ed,47,92,4f,36,61,24,4a,34,c3,70,07,e7,e9,93,ec,25,b0,b8,db,0c,4f,ec,f6,\
d1,9b,2a,12,c1,e9,24,9a,19,9b,39,77,25,e6,71,db,99,04,3c,63,b7,dd,80,f7,b7,\
bb,59,20,fc,e9,5c,a6,22,8f,17,6c,3c,a6,ba,01,ff,ce,6d,79,1e,a0,df,e2,63,8d,\
e5,b4,ea,c3,e4,dc,c9,7e,89,8a,1d,06,e0,ed,ef,27,74,8d,7e,6b,5a,ad,f5,20,5c,\
c6,44,14,eb,17,96,f2,a7,a6,a2,de,c1,e2,fc,b7,49,f2,6b,2a,93,5e,a2,35,5d,cc,\
03,00,dc,8c,dc,e2,84,d1,32,fa,ef,c8,2d,67,be,09,8c,12,f0,03,2d,a8,0c,d4,69,\
07,71,86,17,5c,d2,02,fb,63,10,9a,4a,f2,55,4f,eb,ba,d6,a7,23,4b,0d,b3,b6,45,\
eb,38,c5,8a,66,92,90,c6,e0,2d,b7,f9,b6,08,53,73,d4,0b,cb,08,4b,cb,81,00,4c,\
3d,92,ac,e6,86,7f,36,62,6f,a2,37,fe,ee,25,00,08,4f,94,af,88,fc,3d,62,2e,ea,\
82,17,bf,17,c5,21,f4,a6,5f,71,9c,84,3a,10,05,aa,b7,2d,ec,8b,df,0e,0d,0f,f0,\
39,ca,78,d5,77,d2,3d,f8,9f,41,f5,7b,1e,38,1e,17,ee,79,2c,a0,d6,46,b7,62,e0,\
73,40,18,6d,58,23,d4,52,ed,2f,90,b7,29,ba,d8,a0,22,e1,10,43,0b,54,b4,48,32,\
19,1e,72,f8,74,81,ea,e7,2c,91,be,84,83,80,cb,f4,85,11,1b,21,4f,a5,6c,c8,a1,\
c0,d3,b8,2a,04,af,4a,c8,e7,39,ee,94,7f,c0,54,10,27,31,78,c6,44,c7,c5,c0,25,\
78,2b,d8,c4,b6,13,8f,39,0c,d0,15,84,6c,18,e3,c8,d5,76,87,3f,30,3f,f9,3c,1f,\
ea,fe,14,e1,18,08,fc,2f,04,c2,aa,26,5b,5b,80,7f,7c,4e,b6,6e,81,83,52,e3,f7,\
32,8f,fb,bb,be,86,9c,f5,8a,8a,ba,b0,73,2c,75,25,71,66,e3,ac,6b,ee,08,14,53,\
df,17,c5,91,b7,2b,d0,84,82,3e,81,6a,ea,b4,60,40,1a,4b,b3,d6,53,ee,06,72,9d,\
9f,da,d1,20,ec,97,ec,46,78,bd,aa,3a,d4,59,14,68,27,04,6e,28,79,37,25,f7,7c,\
fb,c4,71,83,14,b4,44,7e,c9,57,c5,36,72,28,15,6e,56,16,54,18,58,c4,94,81,8a,\
ae,fd,0d,d6,f3,da,36,6a,e7,0b,59,7b,02,ef,ac,fc,ea,49,4d,0b,b4,50,d6,0e,48,\
02,31,38,ad,7c,92,8e,fb,4b,fc,23,16,06,2c,eb,bb,d6,e3,3e,34,10,fa,2d,83,22,\
6b,f0,65,a6,c7,64,41,a7,a4,8c,f9,2f,29,e5,89,96,bc,54,62,46,9f,80,83,19,3f,\
ef,f2,80,c8,ed,c8,9d,33,5a,30,3d,0f,d8,ad,12,c9,64,bd,7d,ba,53,a9,32,97,d4,\
27,68,89,8b,03,2b,ae,d7,ba,f8,8a,c7,74,09,a9,d5,91,02,15,94,7f,08,a3,42,91,\
50,4e,df,3a,3e,9f,80,32,bd,51,63,23,90,d5,0f,ed,8c,93,01,6c,d7,55,4e,2b,0f,\
7a,f0,b5,18,80,bc,e0,33,ce,fe,b3,d6,b1,96,2a,d8,c0,d5,36,c1,9f,3d,e9,4e,a2,\
21,6c,2c,14,68,c9,8d,7a,8a,b4,ad,ea,4e,54,75,e7,5e,22,65,c9,0f,70,96,60,81,\
08,a7,94,d7,38,14,d9,e1,c2,8f,c9,ff,b4,40,6e,aa,5a,88,e1,aa,88,49,e8,2d,8a,\
09,2e,5e,e0,e1,33,dd,6b,47,08,85,bc,b0,8a,6c,c1,30,fb,15,46,81,7f,6f,fd,44,\
47,8c,65,16,ed,46,9b,dd,6b,79,4f,a5,b1,bb,33,5a,ae,16,0c,f1,80,44,61,5d,b1,\
90,d2,3c,f7,37,b8,ce,46,59,4d,1e,89,27,6a,5e,c1,5b,13,e0,f3,4f,19,e9,c2,54,\
45,69,91,12,c7,14,bf,94,7f,f0,87,0e,d4,72,5e,7e,27,89,45,60,14,3d,96,43,10,\
e7,d7,52,05,eb,3b,44,e6,62,2b,29,5a,48,e9,78,7e,bb,48,50,eb,3c,b3,33,13,
[ magna86 @ 13.11.2009. 20:24 ] @
Ok...to je to
imas tu par ostataka ali nista nije maliciozno....nema potrebe da diramo.

Start >> Run
kopiraj ovo:

Citat:
Combofix /u


Ok

ovo ce uninstalirati Combofix,resetovati system restore i pobrisati njegove becup foldere...

ti bi jos mogao da proveris sledeci file:
c:\windows\system32\HJSMEM.DAT <---file ...upload na Virustotal


a sto se tice te greske...vidi dal pomaze da msvcrt.dll skines sa neta i stavis/kopiras u C:/Windows/system32 folder

to bi bilo to...


[ xman25 @ 14.11.2009. 06:53 ] @
Fajl c:\windows\system32\HJSMEM.DAT je cist na Virustotal-u.
Skinuo sam msvcrt.dll , on mi se vec nalazi u C:/Windows/system32
Taj falj se nalazi na vise mesta u C:/windows ne znam sa kog mesta nedostaje.

BTW sada imam drugi problem. Ostavio sam da mi se preko noci skidaju 2, 3 filma (racunar se sam ugasi nakon skidanja). Kada sam ga jutros upalio poceo je da se dize sistem i stane kada se pojave one crtice za ucitavanje XP-a i na tome ostane. Znaci nece da mi se podigne sistem normalno. Sada pisem iz safe moda. Probao sam i sa system restore na vreme kada je sve bilo ok i nista. Ne znam kako sad to da resim? Imam uradjenu rezervnu kopiju preko Acronis True Image-a pa mogu tako da vratim racunar na stanje kada je sve bilo OK ali mrzi me to da radim jer cu morati mnoge programe ponovo da instaliram. Ako mozes pomagaj.

Koristim LastXP v22. Dodje mi da dignem ruke o tih budzenih OS-a i da se vratim na obican XP.
[ valjan @ 14.11.2009. 18:32 ] @
Pa sto ne rece odmah da imas budzevinu? Nije lepo da se ljudi ubiju pomagajuci ti da vratis nesto sto mozda po defautu nisi ni imao jer je "budzitelj" tako bio odlucio. Digni ruke, ja ti toplo preporucujem!
[ xman25 @ 15.11.2009. 18:41 ] @
Radio je sistem extra do sada. Virus je neki sigurno uleteo. Vraticu obican XP.
[ grayzer01 @ 26.11.2009. 17:56 ] @
I ja imam problem sa Firefox-om. Do ovog trenutka je sve bilo uredu a vec u sledecem vise nece da se pokrene i izbacuje sledecu poruku:
XML Parsing Error: undefined entity
Location: chrome://browser/content/browser.xul
Line Number 34, Column 1:

<window id="main-window"
^

Dali neko zna o cemu se radi?